Authentication approaches

You can perform MAC authentication on the access device (local authentication) or through a Remote Authentication Dial-In User Service (RADIUS) server.

Suppose a source MAC unknown packet arrives at a MAC authentication enabled port.

In the local authentication approach:

If MAC-based accounts are used, the access device uses the source MAC address of the packet as the username and password to search its local account database for a match.
If a shared account is used, the access device uses the shared account username and password to search its local account database for a match.

In the RADIUS authentication approach:

If MAC-based accounts are used, the access device sends the source MAC address as the username and password to the RADIUS server for authentication.
If a shared account is used, the access device sends the shared account username and password to the RADIUS server for authentication.

For more information about configuring local authentication and RADIUS authentication, see "Configuring AAA."

prev	up	next
User account policies	home	MAC authentication timers