Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
445
Views
0
Helpful
3
Replies

Cisco 2960SF to Port Authentication via MAC Address using Radius

deocanave
Level 1
Level 1

‎07-25-2014 06:31 AM - edited ‎03-07-2019 08:11 PM

Hi Guys,

 

Hoping someone again an answer my question...

 

Here's the scenario:

 

My boss wants me to restrict my co-employees on freely inserting their devices to our network. He then ask me if I can do a security where the devices should enroll their mac address before connecting to our network to gain internet. After reading some forums I came up in using the following:

a. 2 Cisco Switch 2960SF

b. Radius Server (Free Radius).

c. 3650 Cisco Layer

 

Connection between Radius and Cisco 2960 is working before when I telnet the ip of the switch it prompts me to username and password and I can use my created user and password...

 

My problem is that, when I tried to insert a pc to the Cisco Switch to test if the blocking of the port is working, to my surprise I can still connect to the network. I did not add the mac address of the pc to the radius server but still I can connect and access to the internet.

 

Thanks..

 

 

 

Labels:
0 Helpful
3 Replies 3

rvarelac
Level 7
Level 7

‎07-25-2014 10:09 AM

Hi

If you have access to your co-workers devices you can take the MAC address fro those devices after that apply a Port-security policy on the switch .

 

For example :

Switch(config)# interface gig0/2

Switch(config-if)# switchport mode acess

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security maximum 1

Switch(config-if)# switchport port-security mac-address 00-d0-ba-11-21-31

Switch(config-if)# switchport port-security violation shutdown

Switch(config-if)#end

 

Only the MAC address of the device assigned to that port can connect  to the network .

 

Instead of:

 

Switch(config-if)# switchport port-security mac-address 00-d0-ba-11-21-31

 

You can use

Switch(config-if)# switchport port-security mac-address sticky

 

And the MAC address of the device will be automatically configured but this port only will allow one user.

 

-Hope this helps -

0 Helpful

deocanave
Level 1
Level 1
In response to rvarelac

‎07-25-2014 10:34 PM

HI Sir,

 

Thank you for this... Is there any other way, because we are using Radius server for the purpose of auditing and for our other it that has no knowledge in using cisco commands...

 

Thanks...

 

 

0 Helpful

rvarelac
Level 7
Level 7
In response to deocanave

‎07-28-2014 09:05 AM

Hi , 

 

Well I'm not an expert with RADIUS technology , but If you're using the RADIUS server for auditing and tracking purposes. 

 

 I would configure the port security on the switch , after that enable the logging and every time the port-secuirty is violated  sent a log to the Radius server.

 

Hope this helps. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card