MAC-based quick portal authentication

MAC-based quick portal authentication is applicable to scenarios where users access the network frequently. It allows users to pass authentication without entering a username and password. MAC-based quick portal authentication is also called MAC-trigger authentication or transparent portal authentication.

A MAC binding server is required for MAC-trigger authentication. The MAC binding server records the MAC-to-account bindings of portal users for authentication. Each account contains the user's portal authentication information, including the username and password.

Only direct portal authentication supports MAC-based quick portal authentication.

MAC-based quick portal authentication modes include local authentication and remote authentication.

The authentication is implemented as follows:

  1. When a user accesses the network, the access device generates a MAC-trigger entry that records the user's MAC address and access interface. The user can access the network without performing portal authentication if the user's network traffic is below the free-traffic threshold.

  2. When the user's network traffic reaches the threshold, the access device sends a MAC binding query to the MAC binding server.

  3. The MAC binding server checks whether a matching MAC-account binding entry exists. A MAC-account binding entry records the MAC address and the portal account information of a portal user.

  4. According to the check result, the user is authenticated as follows:

    • If a matching MAC-account binding entry exists, the MAC binding server sends the user authentication information to the access device to initiate portal authentication. The user is authenticated without entering the username and password.

      • If the user fails portal authentication, an authentication failure message is returned to the user. The MAC-trigger entry of the user on the access device is deleted when the entry ages out.

      • If the user passes portal authentication, the access device deletes the MAC-trigger entry of the user.

    • If no matching MAC-account binding entry exists, the MAC binding server notifies the access device to perform normal portal authentication for the user.

      • If the user fails portal authentication, an authentication failure message is returned to the user. The whole process is finished.

      • If the user passes portal authentication, the access device deletes the user's MAC-trigger entry and sends the user's MAC address and authentication information to the MAC binding server. The MAC binding server creates a MAC-account binding entry for the user.
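
The following Python model is an added example, not vendor code, that walks the four steps above as a small state machine. The class names, result strings, 1024-byte threshold, sample MAC address, and the in-memory account store standing in for the portal authentication back end are assumptions made for illustration.

```python
from dataclasses import dataclass, field

FREE_TRAFFIC_THRESHOLD = 1024  # bytes; constructed value for this example

@dataclass
class BindingServer:
    bindings: dict = field(default_factory=dict)  # MAC -> (username, password)

    def query(self, mac):
        # Step 3: the lookup is keyed on the MAC address alone.
        return self.bindings.get(mac)

@dataclass
class AccessDevice:
    server: BindingServer
    accounts: dict                                # hypothetical back end: user -> password
    trigger: dict = field(default_factory=dict)   # MAC-trigger entries: MAC -> [interface, bytes]
    online: set = field(default_factory=set)

    def portal_auth(self, account):
        return self.accounts.get(account[0]) == account[1]

    def on_traffic(self, mac, interface, nbytes, typed_account=None):
        if mac in self.online:
            return "online"
        entry = self.trigger.setdefault(mac, [interface, 0])   # step 1
        entry[1] += nbytes
        if entry[1] < FREE_TRAFFIC_THRESHOLD:
            return "free-traffic"
        bound = self.server.query(mac)                         # steps 2 and 3
        if bound is not None:                                  # step 4: binding exists
            if self.portal_auth(bound):
                return self._admit(mac, "quick-auth-pass")
            return "quick-auth-fail"       # MAC-trigger entry stays until it ages out
        if typed_account is None:                              # step 4: no binding
            return "portal-page"           # user has not submitted credentials yet
        if not self.portal_auth(typed_account):
            return "portal-fail"
        self.server.bindings[mac] = typed_account              # server creates the binding
        return self._admit(mac, "portal-pass-bound")

    def _admit(self, mac, result):
        del self.trigger[mac]              # entry is deleted once the user passes
        self.online.add(mac)
        return result

def demo():
    dev = AccessDevice(BindingServer(), {"alice": "pw"})
    mac = "00:11:22:33:44:55"              # constructed sample address
    return [dev.on_traffic(mac, "if1", 500), dev.on_traffic(mac, "if1", 600),
            dev.on_traffic(mac, "if1", 0, ("alice", "pw"))]
```

In this model, as in the steps above, the quick-authentication path checks nothing but the MAC address, so the bindings held on the server carry the same weight as the stored usernames and passwords they contain.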

In wireless networks where APs are configured to forward client data traffic, APs report traffic statistics to the AC at a regular interval. The AC can determine whether a user's traffic exceeds the free-traffic threshold only after receiving the traffic statistics report from the associated AP. For information about setting the report interval, see "Setting the interval at which an AP reports traffic statistics to the AC."

For information about MAC binding server configuration, see the user manual of the server.