https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964542#M10728 <!--!*#-->I am trying to set up Mac-based authentication on a procurve 2626, authenticating to a Steel-belted Radius server. However I fail to get authenticated, I have created a user on the radius box with a username on &lt; mymacaddress &gt; multi dash , username <MYMACADDRESS> mutil dash<BR /><BR />Can anyone piont me in the write direction<BR /><BR />Thanks<BR /><BR />I have the following config on my switch <BR /><BR /> /sw/code/build/fish(ts_08_5)<BR /> May 5 2006 12:22:57<BR /> H.08.98<BR /> 268<BR /><BR />Config <BR /><BR /> exit<BR />radius-server host 172.16.2.14 key secretKey<BR />aaa port-access mac-based 1-4<BR />aaa port-access mac-based addr-format multi-dash<BR />password manager<BR /><BR />I have eap method as MD5 chanllenge on the radius box<BR /></MYMACADDRESS> Mon, 19 Mar 2007 11:33:45 GMT Kevin Stanton 2007-03-19T11:33:45Z https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964542#M10728 <!--!*#-->I am trying to set up Mac-based authentication on a procurve 2626, authenticating to a Steel-belted Radius server. However I fail to get authenticated, I have created a user on the radius box with a username on &lt; mymacaddress &gt; multi dash , username <MYMACADDRESS> mutil dash<BR /><BR />Can anyone piont me in the write direction<BR /><BR />Thanks<BR /><BR />I have the following config on my switch <BR /><BR /> /sw/code/build/fish(ts_08_5)<BR /> May 5 2006 12:22:57<BR /> H.08.98<BR /> 268<BR /><BR />Config <BR /><BR /> exit<BR />radius-server host 172.16.2.14 key secretKey<BR />aaa port-access mac-based 1-4<BR />aaa port-access mac-based addr-format multi-dash<BR />password manager<BR /><BR />I have eap method as MD5 chanllenge on the radius box<BR /></MYMACADDRESS> Mon, 19 Mar 2007 11:33:45 GMT https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964542#M10728 Kevin Stanton 2007-03-19T11:33:45Z https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964543#M10729 Hi,<BR />Maybe you want to add <BR /><BR />aaa authentication port-access eap-radius<BR /><BR />I got mine working using IAS. Tue, 20 Mar 2007 03:04:04 GMT https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964543#M10729 Jaguar 2007-03-20T03:04:04Z https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964544#M10730 I added aaa authentication port-access eap-radius still no luck, I know I am missing something very simple. Tue, 20 Mar 2007 03:56:21 GMT https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964544#M10730 Kevin Stanton 2007-03-20T03:56:21Z https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964545#M10731 <!--!*#-->I get as far as the Radius box however the radius and the switch log me as a failed authentication.<BR /><BR />I have upgraded the code to version 10.31 made no differance. Tue, 20 Mar 2007 04:00:57 GMT https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964545#M10731 Kevin Stanton 2007-03-20T04:00:57Z https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964546#M10732 Hi<BR /><BR />I suggest you have a look on the Funk event log screen after any unsuccessful login, and try to trace it.<BR /><BR />Good Luck !!! Tue, 20 Mar 2007 10:44:21 GMT https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964546#M10732 Mohieddin Kharnoub 2007-03-20T10:44:21Z https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964547#M10733 Gave up on Steel belted radius went back to IAS<BR /><BR />Added user to the domain Mac-address username and password<BR />Made a member of groups <DOMAIN user=""> and <RAS and="" ias="" servers=""><BR /><BR />Dial in allow access<BR /><BR />Account Password settings ; user cannot change password, never expires, store using reversible ( this can take time to replicate, you also need to reset the password if you have just ticked the box as the password is not changed automatically)<BR /><BR />IAS<BR /><BR />Policy properties : add your windows group I used domain users<BR /><BR />Edit profile<BR /><BR />Authentication : encrypted authentication (chap)<BR /><BR />Advanced : <BR /><BR />I added<BR /><BR />framed-protocol PPP<BR />service-type framed<BR />tunnel-medium-type 802<BR />You can put you Vlan info in here too<BR /><BR />IASparse tool kool for looking at the log files<BR /><BR />I am up and running thanks for the help<BR /><BR />I found the following Doc very useful<BR /><A href="http://www.foundrynet.com/pdf/wp-deploying-mac-with-ias.pdf" target="_blank">http://www.foundrynet.com/pdf/wp-deploying-mac-with-ias.pdf</A><BR /><BR />switch config<BR /><BR />aaa accounting network radius<BR />radius-server host 172.28.9.69 key *****<BR />aaa port-access mac-based 1-4<BR />aaa port-access mac-based addr-format multi-dash</RAS></DOMAIN> Wed, 21 Mar 2007 07:35:30 GMT https://community.hpe.com/t5/switches-hubs-and-modems/mac-based-authentication/m-p/3964547#M10733 Kevin Stanton 2007-03-21T07:35:30Z