HPE Community
Switches, Hubs, and Modems
1753797 Members
8013 Online
108805 Solutions
New Discussion юеВ

Mac-based authentication

 
Kevin Stanton
Occasional Advisor

тАО03-19-2007 04:33 AM

тАО03-19-2007 04:33 AM

Mac-based authentication

I am trying to set up Mac-based authentication on a procurve 2626, authenticating to a Steel-belted Radius server. However I fail to get authenticated, I have created a user on the radius box with a username on < mymacaddress > multi dash , username mutil dash

Can anyone piont me in the write direction

Thanks

I have the following config on my switch

/sw/code/build/fish(ts_08_5)
May 5 2006 12:22:57
H.08.98
268

Config

exit
radius-server host 172.16.2.14 key secretKey
aaa port-access mac-based 1-4
aaa port-access mac-based addr-format multi-dash
password manager

I have eap method as MD5 chanllenge on the radius box
0 Kudos
5 REPLIES 5
Jaguar
Occasional Advisor

тАО03-19-2007 08:04 PM

тАО03-19-2007 08:04 PM

Re: Mac-based authentication

Hi,
Maybe you want to add

aaa authentication port-access eap-radius

I got mine working using IAS.
0 Kudos
Kevin Stanton
Occasional Advisor

тАО03-19-2007 08:56 PM

тАО03-19-2007 08:56 PM

Re: Mac-based authentication

I added aaa authentication port-access eap-radius still no luck, I know I am missing something very simple.
0 Kudos
Kevin Stanton
Occasional Advisor

тАО03-19-2007 09:00 PM

тАО03-19-2007 09:00 PM

Re: Mac-based authentication

I get as far as the Radius box however the radius and the switch log me as a failed authentication.

I have upgraded the code to version 10.31 made no differance.
0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО03-20-2007 03:44 AM

тАО03-20-2007 03:44 AM

Re: Mac-based authentication

Hi

I suggest you have a look on the Funk event log screen after any unsuccessful login, and try to trace it.

Good Luck !!!
Science for Everyone
0 Kudos
Kevin Stanton
Occasional Advisor

тАО03-21-2007 12:35 AM

тАО03-21-2007 12:35 AM

Re: Mac-based authentication

Gave up on Steel belted radius went back to IAS

Added user to the domain Mac-address username and password
Made a member of groups and

Dial in allow access

Account Password settings ; user cannot change password, never expires, store using reversible ( this can take time to replicate, you also need to reset the password if you have just ticked the box as the password is not changed automatically)

IAS

Policy properties : add your windows group I used domain users

Edit profile

Authentication : encrypted authentication (chap)

Advanced :

I added

framed-protocol PPP
service-type framed
tunnel-medium-type 802
You can put you Vlan info in here too

IASparse tool kool for looking at the log files

I am up and running thanks for the help

I found the following Doc very useful
http://www.foundrynet.com/pdf/wp-deploying-mac-with-ias.pdf

switch config

aaa accounting network radius
radius-server host 172.28.9.69 key *****
aaa port-access mac-based 1-4
aaa port-access mac-based addr-format multi-dash
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.