Section 13.2.2, Fig. 13.5, 2 authentication based on mac addresses – Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

INTERNET

PC

RADIUS

INTERNET

Access controlled
ports

PC

client

802.1X capable

RADIUS

EAP−Request

RADIUS

5

Switch

1

2

3

4

8

7

6

RADIUS
EAP−Success

5

Switch

1

2

3

4

8

7

6

EAPOL Request

Authentication request with IEEE 802.1X

Unblocked

by WeOS

Successful authentication reply with IEEE 802.1X

EAPOL Reply

Figure 13.5: Principles of authentication with IEEE 802.1X and RADIUS

13.2.2

Authentication based on MAC addresses

Authentication can be based on the client’s MAC address. This is often combined
with IEEE 802.1X authentication to grant access to 802.1X capable devices and
legacy equipment lacking 802.1X support. When combined, MAC authentication
will have precedence over 802.1X authentication.

MAC based authentication is not as secure as IEEE 802.1X. Devices are granted

282

➞ 2015 Westermo Teleindustri AB