Header Only - DO NOT REMOVE - Extreme Networks

Radius Server configuration on B3 Series Switches


Dear all, I configured a B3 Enterasys switch (with the latest firmware on it B3-661100008) for MAC authentication purpose via a RADIUS Server (Ip address 100.1.3.59). I used the following commands: set radius server 1 100.1.3.59 1812 Password realm network-access set radius enable set macauthentication enable set macauthentication password Password set macauthentication port enable *.*.* set macauthentication portquietperiod 60 *.*.* The problem is that the switch is not sending any authentication request to Radius Server, tested with tcpdump and wireshark, even if ping the connectivity between them is ok. I used the same configuration on a C5 Enterasys switch and it works! Somebody could kindly help me? Thank you in advance Best Regards Claudio Minnetti

5 replies

Userlevel 2
Hi Claudio and thanks for posting your question. I am going to have one of our experts take a look at this and we should have a response shortly.
Userlevel 4
Here is one that is working for me on a C5 Jason #radius set radius enable set radius server 1 10.58.196.5 1812 mysecret realm any set dot1x enable set eapol enable set eapol auth-mode auto ge.1.1 set eapol auth-mode forced-auth ge.1.24 #multiauth set multiauth port mode auth-opt ge.1.1 set multiauth port mode force-auth ge.1.1 set multiauth precedence dot1x mac pwa set multiauth mode multi #macauthentication set macauthentication password password set macauthentication port enable ge.1.1 set macauthentication enable
Jason Parker wrote:

Here is one that is working for me on a C5 Jason #radius set radius enable set radius server 1 10.58.196.5 1812 mysecret realm any set dot1x enable set eapol enable set eapol auth-mode auto ge.1.1 set eapol auth-mode forced-auth ge.1.24 #multiauth set multiauth port mode auth-opt ge.1.1 set multiauth port mode force-auth ge.1.1 set multiauth precedence dot1x mac pwa set multiauth mode multi #macauthentication set macauthentication password password set macauthentication port enable ge.1.1 set macauthentication enable

Jason, looking at your configuration I found what I didn't check on B3 switch configuration. it's the "multiauth" modality. On B3 series (But also A2, A4, N7 series) switch the "multiauth" mode is set by default as "strict", it means that only 802.1x is enabled and that's why no authentication message has forwarded from the switch. On the other hand, B5/C5 switch has set by default "multiauth" mode as "multi" (Both 802.1x and macauthentication enable), for that reason it works. Thank you a lot for your support best regards Claudio
Userlevel 4
C5-Stack-196.88-1(su)->show macauthentication session Port MAC Address Duration Reauth Period Reauthentications ------- ----------------- ---------- ------------- ------------------ ge.1.1 00:D0:B7:11:75:9D 0,00:03:29 3600 disabled
B5-> set policy maptable response tunnel

Reply