I'm just looking for some clarification here - as far as I know Cisco doesn't support what I want to do (although you can do it on other switches like Foundrys) but I'm still unsure and hopefully somebody here can give me a definite answer.
What I'd like to do is Mac address based port security, where only known Mac addresses are allowed access to the network, but using a central Radius server to store the list of Mac addresses, not the local switch.
As far as I know, Cisco supports three types of port security:
1) Local MAC address lists
2) 802.1x port security, which uses a username and password rather than MAC address
3) Dynamic VLAN assignment using VMPS, which assigns devices to specific VLANs based on MAC address.
Is there though, any way to have switches authenticate the devices MAC address against a RADIUS server rather than a VMPS, and either permit / deny access or even assign VLANs based on the Radius servers response?
Many thanks
Tom