cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1440
Views
0
Helpful
1
Replies

dot1x Port Based Authentication, MAC bypass, FreeRadius

ma.cerqui
Level 1
Level 1

Hello

I'm trying to do the following setup:

______________ _______________ ____________

| WinXP Client |---| Catalyst 2950 |---| FreeRadius |

-------------- --------------- ------------

1. Client starts up and wants to authenticate with his MAC address.

2. Catalyst sends the MAC address of the client to the FreeRadius server.

3. The server looks it up and replays the accept or deny to the Catalyst and tells him the VLAN of the client.

4. Catalyst puts the port to the authorized state and assigns the VLAN.

I got this setup to work, but only with username/password authentication. As don't want the client/user to do any thing, I would prefer MAC authentication. Is this possible? How do I have to setup up the Calatlyst and the Radius server?

Thanks

Marco

1 Reply 1

localhorscht
Level 1
Level 1

I think it is not possible. You have to use username/password. To use MAC for VLAN assignment tries VMPS with a Switch as VMPS server or OpenVMPS as VMPS Server.

See http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00802c305f.html#wp1375288

Can you send me your freeradius and switch sonfig because I don't get it to run with freeradius?