Concepts and Terminology 17
The two forms of RADIUS authentication supported by 3Com Network
Access Manager are:
■ MAC-address based authentication, for example RADA (RADIUS
Authenticated Device Access).
■ IEEE 802.1X authentication, also known as dot1X, 802.1X and
Network Login.
MAC-address based Authentication
3Com Network Access Manager relies on the RADIUS server to perform
MAC-address based authentication through a single authentication user
name (as opposed to the MAC address as a user name).
When 3Com Network Access Manager receives an authentication request
to the MAC authentication user name, it also authenticates the MAC
address of the computer against the 3Com Network Access Manager
rules to determine the authentication outcome, as follows:
1 Look up the MAC address against all Computers configured, to find all
associated rules.
2 If rules are found, select the highest priority rule.
3 If no rules are found, select the Default Rule.
4 Return the authentication result from the selected rule.
IEEE 802.1X Authentication
When a switch performs IEEE 802.1X authentication, the process is
similar to the MAC-address based authentication, but 3Com Network
Access Manager also checks the user requested, as follows:
1 Look up the IEEE 802.1X username against all Users configured, to find
all associated rules.
2 Look up the MAC address against all Computers configured, to find all
associated rules.
3 If rules are found, select the highest priority rule.
4 If no rules are found, select the Default Rule.
5 Return the authentication result from the selected rule.
Checking the MAC address ensures that network policies such as blocked
hosts can be maintained, regardless of edge port security mode.