Authentication functions, Authentication methods – H3C Technologies H3C Intelligent Management Center User Manual
Page 34
16
Authentication functions
The UAM authentication architecture supports the following authentication functions:
•
Wired 802.1X authentication—Only users that pass 802.1X authentication can access the network.
•
WLAN 802.1X authentication—Only wireless users that pass 802.1X authentication can access the
network.
•
Wired Portal authentication—Only users that pass portal authentication can access the network.
•
WLAN Portal authentication—Only wireless users that pass portal authentication can access the
network.
•
VPN authentication—Only users that pass VPN authentication can access the network.
•
Wired MAC authentication—Only users that pass MAC authentication can access the network.
•
WLAN MAC authentication—Only wireless users that pass MAC authentication can access the
network.
Authentication methods
The UAM authentication architecture supports the following authentication methods:
Username/password authentication—Used to authenticate a user by username and password. UAM
local authentication, LDAP authentication, and RSA authentication support username/password
authentication. In the three authentication methods, UAM, the LDAP server, and the RSA server verify
usernames and passwords. For more information about LDAP authentication, see "
." For more information about RSA authentication, see "
."
•
Certificate authentication—Used by an endpoint and UAM to authenticate each other by
certificate.
•
Username/password + pre-shared key authentication—Used in VPN authentication. In this
authentication method, UAM authenticates a user by username and password, and the access
device authenticates the user by pre-shared key.
•
Username/password + certificate authentication—Used in VPN authentication. In this
authentication method, UAM authenticates a user by username and password, and the endpoint
and the access device authenticate each other by certificate.
•
Transparent portal authentication—Typically used for smart devices. To pass the Web page portal
authentication for the first time, a user must input the correct username and password. UAM obtains
the username and password and automatically performs UAM local authentication and LDAP
authentication. In the two authentication methods, UAM and the LDAP server verify the username
and password. For more information about transparent portal authentication, see "
transparent portal authentication
•
Anonymous MAC authentication—Used in MAC authentication. In this authentication method,
UAM automatically performs authentication on an endpoint user without an account when the user
attempts to connect to the network. When the user accesses the network through a browser, the user
is redirected to the account registering page. This authentication method applies to visitors.
•
Transparent MAC authentication—Used in MAC authentication. If the MAC address of an endpoint
is bound with an account and enabled with transparent MAC authentication, the endpoint can
always pass MAC address authentication. A user can bind a MAC address with an account in the
user self-service center and enable transparent authentication on the MAC address. An operator