LAN Routing
1745882 Members
4306 Online
108723 Solutions
New Discussion юеВ

MAC address authentication on HPE switch 2610-24-PWR

 
Erika2
Visitor

MAC address authentication on HPE switch 2610-24-PWR

hello everyone,

i am facing issue with mac address authentication. To be more specific, problem is the format in which mac address is sent to radius server.

here is the config from switch

aaa port-access mac-based 9
aaa port-access mac-based 9 reauth-period 36000

if i am not mistaken, the default type in which mac addresses are sent is no-delimiter, that is totally fine. i added to ISE (radius server) new client with mac address 00809f6810bd, however in logs i see that the switch sends client's mac address in format 00:80:9F:68:10:BD, thus authentication failed.

am i missing something? of course i tried to use another types of mac address format but the result is still the same.

I have also latest firmware on switch - R.11.122.

Thanks for your suggestions!

3 REPLIES 3
drk787
HPE Pro

Re: MAC address authentication on HPE switch 2610-24-PWR

Hi,

Check if switch is supporting the following command.


aaa port-access mac-based addr-format


Configuring a MAC-based address format

Syntax:


aaa port-access mac-based addr-format <no-delimiter|single-dash|multi-dash|multi-colon|no-delimiter-uppercase|single-dash-uppercase|multi-dash-uppercase|multi-colon-uppercase>

Specifies the MAC address format used in the RADIUS request message. This format must match the format used to store the MAC addresses in the RADIUS server.

Default: no-delimiter

no-delimiter: specifies an aabbccddeeff format.

single-dash: specifies an aabbcc-ddeeff format.

multi-dash: specifies an aa-bb-cc-dd-ee-ff format.

multi-colon: specifies an aa:bb:cc:dd:ee:ff format.

no-delimiter-uppercase: specifies an AABBCCDDEEFF format.

single-dash-uppercase: specifies an AABBCC-DDEEFF format

multi-dash-uppercase: specifies an AA-BB-CC-DD-EE-FF format

multi-colon-uppercase: specifies an AA:BB:CC:DD:EE:FF format

Thank You!
I am an HPE Employee

Accept or Kudo

Erika2
Visitor

Re: MAC address authentication on HPE switch 2610-24-PWR

hello @drk787  , great to have you here :)

yes, swttch supprts aaa port-access mac-based addr-format command, i chosed no-delimiter option,.  When i checked the config, the command aaa port-access mac-based addr-format no-delimiter  was not shown, i guess it is hidden command or default option. I tried to use also  no-delimiter-uppercase option, i was able to find these command in config then, but mac addresses received on radius server did not match neither no-delimiter not no-delimiter-uppercase format.

Erika2
Visitor

Re: MAC address authentication on HPE switch 2610-24-PWR

anyone having this issue? i still do not know how to solve it :( it looks like the command aaa port-access mac-based addr-format does not do his job!