Operation Manual – MAC Address AuthenticationH3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration1-1Chapter 1 MAC Authentication Configuration1.1 MAC Authentication OverviewMAC authentication provides a way for authenticating users based on ports and MACaddresses, without requiring any client software to be installed on the hosts. Oncedetecting a new MAC address, it initiates the authentication process. Duringauthentication, the user does not need to enter username or password manually.For S3100 Series Ethernet switches, MAC authentication can be implemented locallyor on a RADIUS server.After determining the authentication method, users can select one of the followingtypes of user name as required:z MAC address mode, where the MAC address of a user serves as both the username and the password.z Fixed mode, where user names and passwords are configured on a switch inadvance. In this case, the user name, the password, and the limits on the totalnumber of user names are the matching criterion for successful authentication.For details, refer to AAA of this manual for information about local user attributes.1.1.1 Performing MAC Authentication on a RADIUS ServerWhen authentications are performed on a RADIUS server, the switch serves as aRADIUS client and completes MAC authentication in combination of the RADIUSserver.z In MAC address mode, the switch sends the MAC addresses detected to theRADIUS server as both the user names and passwords.z In fixed mode, the switch sends the user name and password previouslyconfigured for the user to the RADIUS server for authentication.A user can access a network upon passing the authentication performed by theRADIUS server.1.1.2 Performing MAC Authentication LocallyWhen authentications are performed locally, users are authenticated by switches. Inthis case,z In MAC address mode, the local user name to be configured is the MAC addressof an access user. Hyphens must or must not be included depending on the formatconfigured with the mac-authentication authmode usernameasmacaddressusernameformat command; otherwise, the authentication will fail.