Overview
MAC address authentication controls
a user's network access rights based on the user's interface and
MAC address. The user does not need to install any client software.
After detecting the user's MAC address for the first time on an interface
where MAC address authentication is running, the device begins authenticating
the user. During the authentication, the user does not need to enter
a user name or password.
Based on different
user name formats and content that the access device uses to authenticate
users, user name formats used in MAC authentication can be classified
into the following types:
- MAC address: The device uses a user's MAC address as the user
name for authentication. The device can also use the MAC address or
a user-defined character string as the user password.
- Fixed user name: Regardless of users' MAC addresses, all users
use a fixed name and password designated on the access device for
authentication. As multiple users can be authenticated on the same
interface, all users requiring MAC address authentication on the interface
use the same fixed user name. The server only needs to configure one
user account to meet the authentication demands of all users. This
applies to a network environment with reliable clients.
- DHCP option: The device replaces a user's MAC address with the
obtained user DHCP option and a fixed password as identity information
for authentication. In this mode, the device must support MAC authentication
triggering through DHCP packets.
Guest VLAN
When the guest VLAN function
is enabled, if the user does not respond to the MAC address authentication
request, the device adds the interface where the user resides into
the guest VLAN, so that the user can access resources in the guest
VLAN. In this manner, the user can access some network resources without
being authenticated.
User Group Authorization
The device can authorize users
based on the user group. After users are authenticated, the authentication
server groups users together. Each user group is bound to an ACL so
that users in the same user group share an ACL.