Multi-Auth on 2960x

Ivo Kessler · ‎11-17-2017

Hi,

I try to configure a 2960x for mac authentication with Radius. For now I need only MAC authentication, no voice vlan, no different vlan´s. I just want to restrict access to the network to predefined MAC addresses.

In single host mode it works well... I see my client authenticated by Radius. But I´ll neet multi-auth on some ports but the option is not available, only multi-domain, multi-host and single-host:

xxx(config-if)#authentication host-mode ?
multi-domain Multiple Domain Mode
multi-host Multiple Host Mode
single-host SINGLE HOST Mode

this is what I did so far:

conf t
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius (optional)
dot1x system-auth-control
radius server radius
address ipv4 xx.xx.xx.xx auth-port 1812 acct-port 1813
timeout 2
retransmit 1
key *****
aaa session-id common
authentication mac-move permit

conf terminal
interface Gi0/11
switchport mode access
switchport access vlan 1
dot1x port-control auto
authentication order mab
authentication priority mab
mab

Thanks in advance

Ivo

chrisgray1 · ‎11-20-2017

Then is multi-host the option that you are looking for? It will allow multiple mac address on the same port to be authenticated.

agrissimanis · ‎11-20-2017

Multi-host will only authenticate the first MAC address that appears on the port and let all others through without authenticating them though.

@Ivo Kessler what IOS version are you running?