
MAB and dot1x Authentication by different Radius

Hello fellows, I need to do something strange. Here's my scenario: I have a FreeRADIUS server with MySQL for authentication and VLAN assignment with MAB, but now I need the endpoints that support EAPoL (Windows machines, maybe some printers, etc.) to authenticate against dot1x (username and pass), not MAB anymore. The MySQL database has the MAC addresses of all my devices, but the domain controller has all the users. So my question is whether there is a method by which the authenticator (switch) can recognize the MAB or dot1x authentication method and send the Access-Request packet to a different RADIUS server: in the case of MAB to FreeRADIUS and MySQL, in the case of dot1x to the domain controller with the NPS role enabled. If this cannot be done, I must figure out how FreeRADIUS can query LDAP or AD and MySQL simultaneously.

   

1 Reply

agrissimanis
Level 1

I believe this can be done with IBNS 2.0 - http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-729965.html

Check the Cisco Live online library; there is a good presentation on IBNS 2.0. This was introduced from IOS version 15.2.