Upon receiving this message, the switch will grant network access to the device on that port. If a RADIUS policy exists on the server that specifies the device should be granted access and the credentials are correct, the RADIUS server will respond with an Access-Accept message. The username and password combination is always the MAC address of the connecting device, lower case without delimiting characters. The switch (RADIUS client) sends a RADIUS Access-Request to the RADIUS server containing the username and password of the connecting device. When a device connects to a port with an access policy assigned, before network access is granted, the device must be authenticated by the RADIUS server. Devices are authenticated at the port level with MAC-Based RADIUS. Unauthorized users are prevented from accessing to the wired LAN because each device that connects to a switch port will need to be authenticated before network access is granted.
In some environments it is critical to control which devices can access the wired LAN. Ports in common areas make a network vulnerable to access by guests and other unauthorized users. MAC-Based RADIUS can be used to provide port based access control on your MS series switches.