cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1041
Views
0
Helpful
2
Replies

Multi-Auth on 2960x

Ivo Kessler
Level 1
Level 1

Hi,

 

I try to configure a 2960x for mac authentication with Radius. For now I need only MAC authentication, no voice vlan, no different vlan´s. I just want to restrict access to the network to predefined MAC addresses.

In single host mode it works well... I see my client authenticated by Radius. But I´ll neet multi-auth on some ports but the option is not available, only multi-domain, multi-host and single-host:

 

xxx(config-if)#authentication host-mode ?
  multi-domain  Multiple Domain Mode
  multi-host    Multiple Host Mode
  single-host   SINGLE HOST Mode

 

this is what I did so far:

 

conf t
 aaa new-model
 aaa authentication dot1x default group radius
 aaa authorization network default group radius (optional)
 dot1x system-auth-control
 radius server radius
 address ipv4 xx.xx.xx.xx auth-port 1812 acct-port 1813
 timeout 2
 retransmit 1
 key *****
 aaa session-id common
 authentication mac-move permit
 
 conf terminal
 interface Gi0/11
 switchport mode access
 switchport access vlan 1
 dot1x port-control auto
 authentication order mab
 authentication priority mab
 mab

 

Thanks in advance

 

Ivo

2 Replies 2

chrisgray1
Level 1
Level 1

Then is multi-host the option that you are looking for? It will allow multiple mac address on the same port to be authenticated.

Multi-host will only authenticate the first MAC address that appears on the port and let all others through without authenticating them though.

@Ivo Kessler what IOS version are you running?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: