In an earlier post I wrote about access authentication based on the 802.1x protocol, which is a common way to secure network access. Its prerequisite is that the client uses the appropriate authentication software to complete access authentication. What if the customer does not want that much trouble and would like the service provider to handle everything? That is not a problem. Today I will introduce a type of access authentication that is easy for users: access authentication based on the user's MAC address. The principle is to use the user's MAC address as the user's username and password. When the user accesses the network, it sends data frames, and the network device obtains the username and password from them and performs the corresponding authentication. The authentication can be carried out by the network device itself, or the task can be handed to an AAA server. I will implement both ways here. The overall implementation is fairly simple, and I will go through it carefully.
Local authentication on the network device, experiment topology:
Experiment equipment: one Huawei S2000 switch, two PCs
Step 1:
Set the IP addresses of the two PCs: PC1 -- 192.168.102.100, PC2 -- 192.168.102.200
Before setting up access authentication, test communication between the two machines: ping PC2 from PC1
Step 2: Set up the access authentication mechanism on the switch, but do not create a local trusted account, so the two hosts will be unable to communicate
Switch configuration:
[sw]mac-authentication // Enable MAC authentication globally on the switch
[sw]int ETH 1/0/1 // Enter interface 1
[sw-Ethernet1/0/1]mac-authentication // Enable MAC authentication on interface 1
[sw]int ETH 1/0/2 // Enter interface 2
[sw-Ethernet1/0/2]mac-authentication // Enable MAC authentication on interface 2
Test network connectivity between the two machines: ping PC2 from PC1
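The effect of Step 2, modelled as an added example (not part of the original article and not Huawei's implementation): a switch that takes the source MAC of each frame as both username and password and checks it against its local accounts. The MAC addresses, the hyphenated lowercase credential format and all function and class names are assumptions made for the illustration.

```python
# Added illustration: simplified model of local MAC authentication on switch ports.
# MAC addresses, credential format and all names are constructed for this example.

PC1_MAC = bytes.fromhex("001122334401")   # constructed address for PC1
PC2_MAC = bytes.fromhex("001122334402")   # constructed address for PC2


def build_frame(dst: bytes, src: bytes, payload: bytes = b"ping") -> bytes:
    """Minimal Ethernet II frame: dst MAC, src MAC, EtherType (IPv4), payload."""
    return dst + src + b"\x08\x00" + payload


def mac_to_credential(mac: bytes) -> str:
    """Format a 6-byte MAC as the string used for both username and password.
    Assumption: lowercase hex pairs joined by hyphens."""
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return "-".join(f"{b:02x}" for b in mac)


class MacAuthSwitch:
    def __init__(self):
        self.local_accounts = {}   # username -> password (local trusted accounts)
        self.authorized = set()    # (port, source MAC) pairs that passed authentication

    def add_local_account(self, mac: bytes) -> None:
        cred = mac_to_credential(mac)
        self.local_accounts[cred] = cred   # the MAC serves as username and password

    def receive(self, port: str, frame: bytes) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        if len(frame) < 14:
            return False                   # truncated Ethernet header: drop
        src = frame[6:12]                  # source MAC follows the 6-byte destination
        if (port, src) in self.authorized:
            return True
        cred = mac_to_credential(src)
        if self.local_accounts.get(cred) == cred:
            self.authorized.add((port, src))
            return True
        return False                       # no matching local account: drop


def ping_succeeds(sw: MacAuthSwitch) -> bool:
    """A ping needs both the request (PC1 -> PC2) and the reply (PC2 -> PC1) forwarded."""
    request = sw.receive("Ethernet1/0/1", build_frame(PC2_MAC, PC1_MAC))
    reply = sw.receive("Ethernet1/0/2", build_frame(PC1_MAC, PC2_MAC))
    return request and reply
```

With no local accounts the model drops traffic from both PCs, and an account for only one of them still leaves the ping failing because the reply is dropped.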