Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
828
Views
0
Helpful
1
Replies

MAC authentication using radius server for a wired network

gtalps123
Level 1
Level 1

‎04-20-2006 10:16 PM - edited ‎03-10-2019 02:33 PM

I am looking for a solution for authenticating the PC's based on MAC address in a wired network with a centralized radius server. The documentation has given a procedure which I did; but takes up to 8 minutes in a DHCP environment to authenticate. It seems Cisco does not support MAC auth directly. We have to enable 802.1X and first the switch checks for the 802.1X client once it times out, MAC authentication gets triggered. This time out is causing the delay! If someone can help me on this Please.

Labels:
0 Helpful
1 Reply 1

jafrazie
Cisco Employee
Cisco Employee

‎04-21-2006 06:17 AM

The timeout values here are from 802.1X, and are the recommended values from the spec. Once the switch misses 3 initial Request-Identity frames in its attempt to look for a supplicant (all while the port is closed) the port is then opened up to learn a MAC (to authenticate it). During actual authentication, the port is closed back down, much like it was when 802.1X was "active".

It you want to timeout on 802.1X more quickly, you can tweak the following values:

cat3750(config-if)#dot1x timeout tx-period ?

<1-65535> Enter a value between 1 and 65535

cat3750(config-if)#dot1x max-reauth-req ?

<0-10> Enter a value between 1 and 10

By default, max-reauth-req = 2, and tx-period = 30. But as you can see above, you can effectively configure a 2-sec timeout (as opposed to the default, which would be at least 90-sec).

Hope this helps,

0 Helpful
Customers Also Viewed These Support Documents