Hi long time not posting something in this blog, actually I’ve done this thing about 2 weeks ago, but I don’t have time to write (busy with other configuration that haven’t done yet till now…hicks…).
So here is the idea, my boss wants everyone in the office can only access the network if their machine have been authorized. S he asked how to do it, so I said by make some checking in the MAC address. But the problem is I don’t know how :p. Then I did endless search in Google and found nothing!!!
Then what comes up in my mind is joining a group or forum in internet, finally I managed to find one, the name is 3COM user group, you can visit the group with my complete posting in:
I have to say many thanks to the admin Maxouz for the help.
Now let’s begin with the configuration in switch. The basic idea in making MAC address authentication with 3COM switch is that we have to make some account in the switch, the account have user name and password, later that user name and password will be filled with MAC address. So when people want to access the network the machine must have the right MAC address otherwise they won’t be given the access to network.
Well this configuration require little bit coding, here is the code :
- login as admin, you can login by telnet or ssh, up to you
- type: sys, so you can view the system of your switch
- type: mac-authentication, by typing this you will enable global authentication in your switch, means it will apply to all port in the switch, but if you only want to do it in certain port, you must type: mac-authentication interface ethernet 1/0/1, this make your first port will have MAC address authentication while the other not
- define what kind of authentication will be used there is two user name as mac address or using user name only, this case we use user name as mac address, type: mac-authentication authmode usernameasmacaddress
- after that you go back to system view, you can ctrl + z and type sys
- create user based on MAC address, type: local-user 00-07-56-A4-BE-R1
- define what access will be given, type: service-type lan-access
- create password, type: password simple 00-07-56-A4-BE-R1
- done, you can add more user, just remember you have to go to system view to do it
That is all that you can do to limit unauthorized access to your network. Have a nice try 😀