Endpoint authentication schemes, Authentication schemes for smart devices – H3C Technologies H3C Intelligent Management Center User Manual
Page 35

can enable transparent authentication on MAC addresses in the endpoint MAC address list in UAM. For more information, see "Transparent MAC authentication."
• Mute terminal authentication—Used for mute terminals. UAM automatically processes a mute terminal's authentication requests.
Endpoint authentication schemes
UAM provides different authentication schemes for smart devices, PCs, and mute terminals.
Authentication schemes for smart devices
Smart devices include smart phones and tablets.
As shown in Table 1, an authentication scheme for smart devices includes these elements: authentication function, authentication method, credential transmission method, supported client, and credential storage location.
Authentication scheme element descriptions:
• The WLAN-802.1X authentication function requires that smart device users pass 802.1X authentication to access the WLAN.
• The user name/password is stored in both UAM and the LDAP server but is verified only by the LDAP server. This authentication method is called LDAP authentication.
• The WLAN-Portal authentication function requires that smart device users complete the WLAN configuration and then pass portal authentication before they can access the WLAN.
• Some LDAP servers (such as OpenLDAP) allow stored user passwords to be obtained by third-party systems, while others (Windows AD, for example) do not. "LDAP server with readable passwords" refers to an LDAP server from which UAM can obtain user passwords.
• The WLAN-MAC authentication function requires that smart device users pass MAC authentication to access the WLAN.
Table 1 Authentication schemes for smart devices

| Authentication function | Authentication method | Credential transmission method | Supported client | Credential storage location |
|---|---|---|---|---|
| WLAN-802.1X | User name + mutual certificate authentication | EAP-TLS | Third-party client | User name: UAM. Root certificate: UAM, smart device. Client certificate: smart device. Server certificate: UAM. |
| | User name/password + server certificate authentication | EAP-PEAP-MSCHAPv2, EAP-TTLS-MSCHAPv2 | Third-party client | User name/password: UAM. Root certificate: UAM, smart device. Server certificate: UAM. |
| | | | | User name/password: LDAP server. Root certificate: UAM, smart device. |
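
For readers configuring a third-party client, the two WLAN-802.1X rows of Table 1 map onto supplicant settings as follows. This is an added example, not taken from the H3C manual; it assumes wpa_supplicant as the third-party client, and the SSID, identity, file paths and server name are constructed placeholders.

```conf
# Row 1: user name + mutual certificate authentication (EAP-TLS).
# The smart device holds the root certificate and its own client certificate;
# UAM holds the user name, the root certificate and the server certificate.
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    eap=TLS
    # User name (stored in UAM)
    identity="alice"
    # Root certificate on the smart device: used to verify UAM's server certificate
    ca_cert="/etc/wpa_supplicant/uam-root-ca.pem"
    # Expected name in the server certificate (placeholder)
    domain_suffix_match="uam.example.com"
    # Client certificate and private key on the smart device
    client_cert="/etc/wpa_supplicant/alice-cert.pem"
    private_key="/etc/wpa_supplicant/alice-key.pem"
    private_key_passwd="REPLACE_WITH_KEY_PASSPHRASE"
}

# Row 2: user name/password + server certificate authentication
# (EAP-PEAP-MSCHAPv2). No client certificate is installed; the smart device
# still needs the root certificate to verify UAM's server certificate before
# the password exchange starts inside the tunnel.
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    # User name/password (stored in UAM or, for LDAP authentication, in the LDAP server)
    identity="alice"
    password="REPLACE_WITH_PASSWORD"
    ca_cert="/etc/wpa_supplicant/uam-root-ca.pem"
    domain_suffix_match="uam.example.com"
}
```

For the EAP-TTLS-MSCHAPv2 variant in the same row, set `eap=TTLS` and keep the other settings unchanged.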