.. _example_interfaces_ethernet_authenticator_mab_localmac:
#########
Local Mac
#########
.. sidebar:: Contents
.. contents::
:depth: 2
:local:
This scenario shows how to enable the local MAB
authentication using a local MAC address database.
.. image:: localaddressdatabase.svg
:width: 400
****************************************
Test Successful MAB Local Authentication
****************************************
Description
===========
DUT0 is configured to perform MAB authentication using
a local MAC address database.
DUT1 uses a correct MAC address.
Scenario
========
.. include:: localmac/testsuccessfulmablocalauthentication
.. raw:: html
******************************************
Test Unsuccessful MAB Local Authentication
******************************************
Description
===========
DUT0 is configured to perform MAB authentication using
a local MAC address database.
DUT1 uses an incorrect MAC address.
Scenario
========
.. include:: localmac/testunsuccessfulmablocalauthentication
.. raw:: html
**************************************
Test MAB Local Authentication Failover
**************************************
Description
===========
DUT0 is configured to perform authentication using two
different methods: remote RADIUS server and local database.
When the remote server is not reachable, it failovers and
uses the local database.
Scenario
========
.. include:: localmac/testmablocalauthenticationfailover
.. raw:: html
**************************************
Test MAB Local Authentication Failopen
**************************************
Description
===========
DUT0 is configured to perform authentication using a local
MAC address database; the fail-open policy is configured as well.
As DUT1 uses an incorrect MAC address the fail-open policy will
be triggered.
Scenario
========
.. include:: localmac/testmablocalauthenticationfailopen
.. raw:: html
****************************************************
Test MAB Local Authentication Failopen Local Success
****************************************************
Description
===========
DUT0 is configured to perform authentication using a local
MAC address database; the fail-open policy is configured as well.
As DUT1 uses a correct MAC address the fail-open policy will not
be triggered.
Scenario
========
.. include:: localmac/testmablocalauthenticationfailopenlocalsuccess
.. raw:: html
***********************************************
Test MAB Authentication Failopen RADIUS Success
***********************************************
Description
===========
DUT0 is configured to perform authentication using two
different methods: remote RADIUS server and local MAC address
database. The fail-open policy is configured as well. As the
RADIUS server is reachable, the fail-open policy should **not**
be triggered.
Scenario
========
.. include:: localmac/testmabauthenticationfailopenradiussuccess
.. raw:: html
***********************************************
Test MAB Authentication Failopen RADIUS Failure
***********************************************
Description
===========
DUT0 is configured to perform authentication using two
different methods: remote RADIUS server and local MAC address
database. The fail-open policy is configured as well. As the
RADIUS server is reachable, the fail-open policy should **not**
be triggered.
Scenario
========
.. include:: localmac/testmabauthenticationfailopenradiusfailure
.. raw:: html
***********************************************************
Test MAB Authentication RADIUS Success Fallback to Failopen
***********************************************************
Description
===========
DUT0 is configured to perform authentication using two
different methods: remote RADIUS server and local MAC
address database. It is also configured to authorise the
port by default if the RADIUS servers are not reachable.
Initially, when the RADIUS server is reachable the user
should be authenticated based on its decision. When the
RADIUS server becomes unreachable, the failover policy
triggers. As the provided identity is not found on the local
database, the fail-open policy triggers and authenticates the
port.
Scenario
========
.. include:: localmac/testmabauthenticationradiussuccessfallbacktofailopen
.. raw:: html
***********************************************************
Test MAB Authentication RADIUS Failure Fallback to Failopen
***********************************************************
Description
===========
DUT0 is configured to perform authentication using two
different methods: remote RADIUS server and local MAC
address database. It is also configured to authorise the
port by default if the RADIUS servers are not reachable.
Initially, when the RADIUS server is reachable the user
should be authenticated based on its decision. When the
RADIUS server becomes unreachable, the failover policy
triggers. As the provided identity is not found on the local
database, the fail-open policy triggers and authenticates the
port.
Scenario
========
.. include:: localmac/testmabauthenticationradiusfailurefallbacktofailopen
.. raw:: html