3Com 3C17300A Implementation Guide - Page 82

82 CHAPTER 10: MAKING YOUR NETWORK SECURE For Network Login, the Switch uses EAP (Extensible Authentication Protocol). For further information about RADIUS, see "What is RADIUS?" on page 85. What is Rada? The Radius Authenticated Device Access feature complements the existing 802.1X support of the Switch. Instead of needing an 802.1X client on every end station, the switch can use the MAC address of the end station to query the RADIUS server. How Rada Works The Rada feature controls the network access of a host based on authenticating its MAC address. A host is allowed access to the entire network, to a restricted network or no access at all. The switch obtains the network access authorisation from a centrally located RADIUS server by supplying the MAC address of the host as shown in Figure 20 Figure 20 Network Login Operation via MAC Address Network Access Client without 802.1x (Client Device) Network Access Server (Switch 4200) MAC address Authentication via MAC Address RADIUS Server For Rada, the Switch uses PAP (Password Authentication Protocol). Rada has an 'Unauthorized Device action' of allowDefaultAccess or blockMacAddress, which control the action on authentication refusal.