
EXOS: RADIUS Configuration more granular

M_Nees
Contributor III
For a current customer project I need the following EXOS functionality:

All MAC Authentication go to RADIUS Server1 and Server2
All dot1x Authentication go to RADIUS Server 3 and Server4

Currently I can only determine the used RADIUS Server by the realm - management or netlogin - not the Authentication Method.
So my customer misses this functionality.

As a workaround I address Server1 (and 2) for all methods and do a forwarding on this server at the back end to server 3/4 for dot1x.
This is working - but doing this "routing" directly on the switch would be preferred by my customer.

Additionally this will help in some troubleshooting situations.

Regards,
Matthias

1 REPLY

Matthew_Hum
Contributor
You can do this with a separate FreeRADIUS server to use as a proxy. In the realms configuration you would simply put a regex for the MAC addresses to instruct it to forward to your MAC address RADIUS servers, and then specific domains (or even DEFAULT) for the 802.1X sessions. This is also a way to segregate different domains to different RADIUS servers.

If you already had FreeRADIUS servers you can chain them, and pull out, say, the 802.1X sessions to proxy to an upstream server and then auth the MAC auth sessions on the existing server. (This is exactly how NAC does it when you choose auth MAC locally.)
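
The routing decision described in the reply above, modelled as an added example (not part of the thread, and not FreeRADIUS code or configuration) so the MAC regex and rule order can be checked offline before touching a proxy. The realm names, the `corp.example` domain, the accepted MAC username formats and the assumption that MAC authentication requests carry no EAP-Message are all assumptions of this sketch.

```python
import re

# Pool names follow the thread: Server1/2 for MAC auth, Server3/4 for dot1x.
MAC_POOL = ("Server1", "Server2")
DOT1X_POOL = ("Server3", "Server4")

# Assumption: MAC auth sends the client MAC as User-Name, either 12 bare hex
# digits, six pairs joined by one consistent ':' or '-', or three dotted groups.
MAC_USERNAME = re.compile(
    r"\A(?:[0-9a-f]{12}"
    r"|[0-9a-f]{2}([:-])[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}"
    r"|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\Z",
    re.IGNORECASE,
)

# Ordered realm rules, first match wins; names and domain are hypothetical.
REALM_RULES = [
    ("mac-auth", MAC_USERNAME, MAC_POOL),
    ("corp-dot1x", re.compile(r"@corp\.example\Z", re.IGNORECASE), DOT1X_POOL),
]
DEFAULT_RULE = ("DEFAULT", DOT1X_POOL)


def route(user_name, has_eap_message=False):
    """Return (realm, pool) for one Access-Request."""
    for realm, pattern, pool in REALM_RULES:
        # Assumption: MAC auth carries no EAP-Message, so an EAP request is
        # never sent to the MAC pool even if its identity looks like a MAC.
        if realm == "mac-auth" and has_eap_message:
            continue
        if pattern.search(user_name):
            return realm, pool
    return DEFAULT_RULE


# Constructed sample requests: (User-Name, EAP-Message present?)
SAMPLES = [
    ("001122AABBCC", False),
    ("00:11:22:aa:bb:cc", False),
    ("alice@corp.example", True),
    ("host/pc01.lab.example", True),
    ("001122AABBCC", True),
]

if __name__ == "__main__":
    for name, eap in SAMPLES:
        realm, pool = route(name, eap)
        print(f"{name:24} eap={eap!s:5} -> {realm:10} {', '.join(pool)}")
```

The last sample shows why the EAP check sits in front of the regex: an 802.1X identity that merely looks like a MAC address still lands on the dot1x pool.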