11-17-2017 11:25 PM - edited 02-21-2020 10:39 AM
Hi,
I try to configure a 2960x for mac authentication with Radius. For now I need only MAC authentication, no voice vlan, no different vlan´s. I just want to restrict access to the network to predefined MAC addresses.
In single host mode it works well... I see my client authenticated by Radius. But I´ll neet multi-auth on some ports but the option is not available, only multi-domain, multi-host and single-host:
xxx(config-if)#authentication host-mode ?
multi-domain Multiple Domain Mode
multi-host Multiple Host Mode
single-host SINGLE HOST Mode
this is what I did so far:
conf t
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius (optional)
dot1x system-auth-control
radius server radius
address ipv4 xx.xx.xx.xx auth-port 1812 acct-port 1813
timeout 2
retransmit 1
key *****
aaa session-id common
authentication mac-move permit
conf terminal
interface Gi0/11
switchport mode access
switchport access vlan 1
dot1x port-control auto
authentication order mab
authentication priority mab
mab
Thanks in advance
Ivo
11-20-2017 03:12 AM
Then is multi-host the option that you are looking for? It will allow multiple mac address on the same port to be authenticated.
11-20-2017 07:03 AM
Multi-host will only authenticate the first MAC address that appears on the port and let all others through without authenticating them though.
@Ivo Kessler what IOS version are you running?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide