MAC-based authentication is an alternative to 802.1X authentication that allows network access to devices (such as printers and IP phones) that do not have the 802.1X supplicant capability. MAC-based authentication uses the MAC address of the connecting device to grant or deny network access.
To configure MAC-based authentication, complete the following steps:
Procedure
Step 1 | Click Security > 802.1X Authentication > MAC-Based Authentication Settings |
Step 2 | Enter the following fields:
-
MAC Authentication Type—Select one of the following options:
-
EAP—Use RADIUS with EAP encapsulation for the traffic between the switch (RADIUS client) and the RADIUS server, which authenticates a MAC-based supplicant.
-
RADIUS—Use RADIUS without EAP encapsulation for the traffic between the switch (RADIUS client) and the RADIUS server, which authenticates a MAC-based supplicant.
Username Format
In MAC-based authentication, the supplicant's username is based on the supplicant device MAC address. The following defines the format of this MAC-based username, which is sent from the switch to the RADIUS server, as part of the authentication process.
-
Group Size—Number of ASCII characters between delimiters of the MAC address sent as a user name.
-
Group Separator—Character used as a delimiter between the defined groups of characters in the MAC address.
-
Case—Send user name in lower or upper case.
MAC Authentication Password
-
Password—Defines the password that the switch uses for authentication via the RADIUS server. Select one of the following options:
-
Use default (Username)—Select this to use the defined username as the password.
-
Encrypted—Define a password in encrypted format.
-
Plaintext—Define a password in plaintext format.
-
Password MD5 Digest—Displays the MD5 Digest password.
|
Step 3 | Click Apply and the settings are saved to the Running Configuration file. Click Display Sensitive Data as Plaintext to display the password if it is encrypted. |