i have purchased quite a number of SF-300-24 SF-300-48 and SF-300-48P switches.
i would like to ask the community if anyone knows if these devices support VMPS or if anyone has them operating in a centralized mac-based 802.1x config ?
i would like to be able to centrally assign vlans to ports based on mac authentication.
i have the latest firmware installed
any advice or information would be greatly appreciated! thank you.
been 3 days - bumping for reply?
im not really interested in the vmps was wondering more about doing MAB authentication to freeradius
"i would like to be able to centrally assign vlans to ports based on mac authentication."
Yes this is possible and supported. Just keep in mind the SX300 does not use call station ID in the packet. There is a feature "DVA", dynamic VLAN assignment.
Please mark answered for helpful posts
i am still searching for documentation on how to accomplish this. i do not have a Cisco ACS server. has anyone else done this with freeradius, packetfence or Active Directory?
I did manage to get DVA working with free radius. Please see below some settings:
Freeradius users file:
wow thank you! that gives me enough to go on - i will report back how it goes. i just upgraded this SF300 to the latest firmware SW version 22.214.171.124
having some troubles
i see this in the radius debug log
rad_recv: Access-Request packet from host 10.1.0.61 port 49205, id=27, length=137
NAS-IP-Address = 10.1.0.61
NAS-Port-Type = Ethernet
NAS-Port = 2
User-Name = '705812e23a73'
Acct-Session-Id = '05000028'
Called-Station-Id = '58-0A-20-A5-B1-15'
Calling-Station-Id = '70-58-12-E2-3A-73'
EAP-Message = 0x0200001101373035383132653233613733
Message-Authenticator = 0x6255717e9a95e2edda5d227709e07a53
(0) WARNING: Empty authorize section. Using default return values.
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(0) Failed to authenticate the user.
(0) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [705812e23a73/<no User-Password attribute>] (from client mhps-network port 2 cli 70-58-12-E2-3A-73)
(0) Using Post-Auth-Type Reject
(0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
(0) Finished request 0.
so i set up freeradius sql with daloradius to make it easier to manage.
the switch is authenticating but not getting the vlan
Sending Access-Accept of id 58 to 10.1.0.61 port 49205
Tunnel-Private-Group-Id:0 = "103"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
but on the switch side im getting:
28-Nov-2014 13:26:17 %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 70:58:12:e2:3a:73 was rejected on port fa2 because Radius accept message does not contain VLAN ID