https://community.cisco.com/t5/network-access-control/mab-and-dot1x-authentication-by-different-radius/m-p/3051338#M23308 <P>Hello fellows,i need to do something strange. Here's my scenario, i have a freeradius with mysql for authentication and vlan assignment &nbsp;with mab, but now i need the endpoints than support EAPoL (windows machines, maybe some printers, etc) to authenticate against dot1x (username and pass) not mab anymore. MySQL database has mac address of all my device but domain controller has all users. So my question is&nbsp;if exist a method that authenticator (switch) can recognize mab or dot1x authentication method and send access request packet to different radius, in case of MAB to freeradius and mysql in case of dot1x to Domain controller with NPS role enabled. If this cannot be done i must figure it out how can freeradius query ldap or AD and mysql simiultaneously.</P> <P>&nbsp; &nbsp;</P> Mon, 11 Mar 2019 07:35:25 GMT stefparaskevakis 2019-03-11T07:35:25Z https://community.cisco.com/t5/network-access-control/mab-and-dot1x-authentication-by-different-radius/m-p/3051338#M23308 <P>Hello fellows,i need to do something strange. Here's my scenario, i have a freeradius with mysql for authentication and vlan assignment &nbsp;with mab, but now i need the endpoints than support EAPoL (windows machines, maybe some printers, etc) to authenticate against dot1x (username and pass) not mab anymore. MySQL database has mac address of all my device but domain controller has all users. So my question is&nbsp;if exist a method that authenticator (switch) can recognize mab or dot1x authentication method and send access request packet to different radius, in case of MAB to freeradius and mysql in case of dot1x to Domain controller with NPS role enabled. If this cannot be done i must figure it out how can freeradius query ldap or AD and mysql simiultaneously.</P> <P>&nbsp; &nbsp;</P> Mon, 11 Mar 2019 07:35:25 GMT https://community.cisco.com/t5/network-access-control/mab-and-dot1x-authentication-by-different-radius/m-p/3051338#M23308 stefparaskevakis 2019-03-11T07:35:25Z https://community.cisco.com/t5/network-access-control/mab-and-dot1x-authentication-by-different-radius/m-p/3051339#M23310 <P>I believe this can be done with IBNS 2.0 -&nbsp;http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-729965.html</P> <P>Check Cisco live online library, there is a good presentation on IBNS 2.0. This was introduced from IOS version 15.2</P> Mon, 03 Apr 2017 13:49:12 GMT https://community.cisco.com/t5/network-access-control/mab-and-dot1x-authentication-by-different-radius/m-p/3051339#M23310 agrissimanis 2017-04-03T13:49:12Z