11-17-2017 11:25 PM - edited 02-21-2020 10:39 AM
Hi,
I try to configure a 2960x for mac authentication with Radius. For now I need only MAC authentication, no voice vlan, no different vlan´s. I just want to restrict access to the network to predefined MAC addresses.
In single host mode it works well... I see my client authenticated by Radius. But I´ll neet multi-auth on some ports but the option is not available, only multi-domain, multi-host and single-host:
xxx(config-if)#authentication host-mode ?
multi-domain Multiple Domain Mode
multi-host Multiple Host Mode
single-host SINGLE HOST Mode
this is what I did so far:
conf t
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius (optional)
dot1x system-auth-control
radius server radius
address ipv4 xx.xx.xx.xx auth-port 1812 acct-port 1813
timeout 2
retransmit 1
key *****
aaa session-id common
authentication mac-move permit
conf terminal
interface Gi0/11
switchport mode access
switchport access vlan 1
dot1x port-control auto
authentication order mab
authentication priority mab
mab
Thanks in advance
Ivo
11-20-2017 03:12 AM
Then is multi-host the option that you are looking for? It will allow multiple mac address on the same port to be authenticated.
11-20-2017 07:03 AM
Multi-host will only authenticate the first MAC address that appears on the port and let all others through without authenticating them though.
@Ivo Kessler what IOS version are you running?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: