1 Account-PC Binding
To view this video, click the download link.
Software Version Used
This video was recorded based on the following versions:
- iMC: iMC PLAT 3.20-E2403, iMC UAM 3.20-E0402
- iNode: iNode 2.40-C0341
Web interfaces of different versions may vary.
Preventing illegal use of accounts
Account theft is a common network security problem. The account-PC binding function of iMC UAM allows you to bind user PCs with access accounts so that each account can only be used on a particular PC to access the network. In this way, illegal users will not be able to use an account on a PC other than the bound one to access the network, and the threat of account theft is thus removed.
Automatic account-PC binding
Manually binding accounts with PCs one by one is cumbersome and error prone. iMC UAM can learn bindings automatically. If the network administrator sets the binding criteria but does not specify the binding values, iMC UAM automatically learns the information used by each user during the first successful authentication. Subsequent authentication requests pass only if the binding criteria are matched. For example, the network administrator specifies that access accounts are bound with the IP addresses of PCs but leaves the IP addresses to be bound empty. If a user with IP address 192.168.1.1 passes authentication for the first time, iMC UAM binds the current access account with IP address 192.168.1.1. Subsequent authentications with this access account can succeed only if they are performed on a PC with IP address 192.168.1.1.
Recommended Configuration Flow
Step1 Add Access Device.
Add an access device that supports 802.1X and AAA to the iMC system, so that the access device can cooperate with the iMC system to provide 802.1X and AAA features.
Step2 Add Service.
A service refers to a set of policies for user authentication and authorization.
The service added in this step includes an account-PC binding policy, where the PC's IP and MAC addresses are to be bound with a user account. Users that apply for this service are constrained by this account-PC binding policy.
Step3 Add Account.
Each user accessing the network must have an account configured in iMC. The account contains information such as the account name, password, and IP/MAC addresses of the PC to be bound.
This case shows how to add an account to the iMC system and apply for the service configured in the previous step. In this step, however, the IP and MAC addresses of the PC to be bound are not configured. Rather, they will be learned by iMC UAM automatically.
Step4 Configure Access Device.
Access devices control user access. Users that pass authentication are allowed to access the network, while those who fail to pass authentication are denied access.
This case shows how to configure a RADIUS scheme, an ISP domain, and the 802.1X feature, thus ensuring that users can normally access the network after passing authentication.
Step5 First-Time Authentication.
1) Check Binding Information Before Authentication Starts.
The binding information is empty before authentication starts. This is because no binding information was specified at step 3.
2) The user passes authentication for the first time and successfully accesses the network.
3) Check Binding Information After Authentication Succeeds.
The binding information now includes the IP and MAC addresses of the PC used by the user. This is because after the authentication succeeds, iMC automatically learns the IP and MAC addresses of the PC and saves the binding information.
Step6 Trigger Authentication After Changing Binding Information.
This case shows that the access user fails to pass the authentication after the PC’s IP address is changed.
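The learn-on-first-authentication behaviour described under "Automatic account-PC binding" and exercised in Steps 5 and 6 can be modelled in a few lines. This is an added example, not iMC UAM code: the class, function and field names are hypothetical, the MAC address is constructed, and the model assumes a binding is learned only after the credentials and every binding criterion have passed.

```python
# Added illustration: a model of learn-on-first-authentication binding.
# All names here are hypothetical; this is not iMC UAM code.
from dataclasses import dataclass, field


def normalise(kind, value):
    """Canonical form, so 00-11-22-AA-BB-CC and 00:11:22:aa:bb:cc compare equal."""
    value = value.strip().lower()
    return value.replace("-", ":") if kind == "mac" else value


@dataclass
class Account:
    name: str
    password: str
    criteria: frozenset          # what to bind, set in the service (Step 2)
    bound: dict = field(default_factory=dict)  # values; empty means "learn" (Step 3)


def authenticate(acct, password, attrs):
    """Return (accepted, reason); attrs carries the PC's reported 'ip'/'mac'."""
    if password != acct.password:
        return False, "bad credentials"      # a failed login never learns a binding
    seen = {}
    for kind in sorted(acct.criteria):
        if not attrs.get(kind):
            return False, f"{kind} not reported"
        seen[kind] = normalise(kind, attrs[kind])
        if kind in acct.bound and seen[kind] != acct.bound[kind]:
            return False, f"{kind} does not match binding"
    # Every criterion passed: learn whatever is still unbound (first success only).
    for kind, value in seen.items():
        acct.bound.setdefault(kind, value)
    return True, "accepted"


def walkthrough():
    """Steps 5 and 6 of the page, with a constructed MAC address."""
    acct = Account("user1", "pw", frozenset({"ip", "mac"}))
    results = [dict(acct.bound)]                                   # 5.1: empty
    pc = {"ip": "192.168.1.1", "mac": "00-11-22-AA-BB-CC"}
    results.append(authenticate(acct, "pw", pc))                   # 5.2: accepted
    results.append(dict(acct.bound))                               # 5.3: learned
    moved = dict(pc, ip="192.168.1.2")
    results.append(authenticate(acct, "pw", moved))                # 6: rejected
    return results


if __name__ == "__main__":
    for item in walkthrough():
        print(item)
```

Because the bound values are whatever the first successful authentication reported, that first login should be performed from the PC the account is meant to be tied to.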