MAC Address Authentication Framework Configuration Overview Interoperability Requirements and Limitations MAC Address Authentication Server Feature Support Understanding MAC Address Authentication The RADIUS server consults the authentication server and sends back a RADIUS return attribute based on authentication results.BEST PRACTICE: MAC-based authentication is not as secure as agent access or agentless access authentication. With MAC-based authentication, the MAC address serves as both the username and the password. When a device connects to a switch, the switch forwards the MAC address as the log in credential to PPS RADIUS server. The Pulse Secure MAC address authentication solution uses PPS 802.1x framework.We recommend you use LDAP for large-scale projects.Interoperability Requirements and LimitationsIntegration with an LDAP server requires the LDAP server to communicate with PPS internal interface.MAC Address Authentication Framework Configuration OverviewThe MAC address authentication framework is similar to the user access management framework. The address table for each local MAC address authentication server is limited to 500 entries. You can add entries manually or by reference to LDAP servers. To reduce risk of an exploit, create a special VLAN for each device type.MAC Address Authentication Server Feature SupportThe MAC address authentication server is a local authentication server that supports both a local database of records and integration with LDAP servers.
![]() Create a MAC address authentication server. Create LDAP server configurations for the external LDAP servers used to maintain MAC address records. We recommend using PAP with the Nortel switch. By default, the Nortel switch uses PAP, with a password in the format. Select Authentication > Signing In > Authentication Protocols Sets.The HP and Cisco switches can use CHAP and EAP-MD5-Challenge protocols for MAC address authentication with the username (the MAC address) as the clear text password. If necessary, use the Authentication Protocols Sets page to add the protocols that your Ethernet switches use for MAC authentication to PPS 802.1x protocol set. Complete the RADIUS Return Attributes Policy configuration.Ethernet Switch MAC Address Authentication Configuration OverviewThe MAC address solution depends on the Ethernet switch configuration.To configure MAC address authentication on the Ethernet switch: Complete the RADIUS Client configuration. Complete the Location Group configuration. Snippiet tool for macConfigure Ethernet switching options and VLANs to provision VLANs for non-user devices. Configure RADIUS client communication with PPS RADIUS server.
0 Comments
Leave a Reply. |
AuthorPeter ArchivesCategories |