MAC + 802.1x authentication for wired user (MAC first)

Latest reply: Dec 29, 2018 06:07:57


1. A user message triggers authentication.
2. The switch sends the MAC address to the server for authentication; MAC authentication fails, which triggers 802.1X authentication.
3. The user enters the user password for authentication.


Configuration example:


radius-server template controller_12.36
 radius-server shared-key cipher %^%#}gu$V!77QTf_=E.XK49#cLg'Smo}T!v8mIBwkKz0%^%#
 radius-server authentication 12.12.12.36 1812 weight 80
#
aaa
 authentication-scheme radius
  authentication-mode radius
 domain radius
  authentication-scheme radius
  radius-server controller_12.36
#

#
mac-access-profile name mac_access_profile
#
dot1x-access-profile name dot1x_access_profile
#
authentication-profile name mac_dot1x
 dot1x-access-profile dot1x_access_profile
 mac-access-profile mac_access_profile
 access-domain radius
#

#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 200
 authentication-profile mac_dot1x
#



Mysterious.color
MVE Created Dec 25, 2018 13:35:32

informative

yiyi0519
Created Dec 26, 2018 00:37:55

It is a good case. If we want to control user permissions through ACL, what configuration do I need to add?

SupperRobin
Created Dec 29, 2018 03:08:58

Fixed user name: Regardless of users' MAC addresses, all users use a fixed name and password designated on the access device for authentication. As multiple users can be authenticated on the same interface, all users requiring MAC address authentication on the interface use the same fixed user name. The server only needs to configure one user account to meet the authentication demands of all users. This applies to a network environment with reliable clients.

Finn92
Created Dec 29, 2018 03:13:38

If the administrator modifies parameters such as access rights and authorization attributes of an online user on the authentication server, the user must be re-authenticated to ensure user validity.

If re-authentication is configured for online 802.1X authentication users, the device sends saved authentication parameters of an online user to the authentication server for re-authentication. The device saves user authentication information after users go online. If the user authentication information on the authentication server remains unchanged, the user stays online. If the information has been modified, the user is disconnected and needs to be re-authenticated.

Torrent
Created Dec 29, 2018 06:07:57

The client initiates the authentication request through the HTTP/HTTPS protocol. When an HTTP/HTTPS message is connected to a device, the access device allows the HTTP/HTTPS message to access the Portal server or a set of uncertified network resources, and the access device redirects it to the Portal server for HTTP/HTTPS messages that access other addresses. The Portal server provides a web page for the user to enter a user name and password for authentication, and notifies the client to send a POST authentication request message to the access device.

Thanks for sharing, we learned a lot.