cancel
Showing results for 
Search instead for 
Did you mean: 

Radius Server configuration on B3 Series Switches

Radius Server configuration on B3 Series Switches

Claudio
New Contributor
Dear all, I configured a B3 Enterasys switch (with the latest firmware on it B3-661100008) for MAC authentication purpose via a RADIUS Server (Ip address 100.1.3.59). I used the following commands: set radius server 1 100.1.3.59 1812 Password realm network-access set radius enable set macauthentication enable set macauthentication password Password set macauthentication port enable *.*.* set macauthentication portquietperiod 60 *.*.* The problem is that the switch is not sending any authentication request to Radius Server, tested with tcpdump and wireshark, even if ping the connectivity between them is ok. I used the same configuration on a C5 Enterasys switch and it works! Somebody could kindly help me? Thank you in advance Best Regards Claudio Minnetti
5 REPLIES 5

Ali_Sa_Flayan
New Contributor
B5-> set policy maptable response tunnel

Jason_Parker
Contributor
C5-Stack-196.88-1(su)->show macauthentication session Port MAC Address Duration Reauth Period Reauthentications ------- ----------------- ---------- ------------- ------------------ ge.1.1 00:D0:B7:11:75:9D 0,00:03:29 3600 disabled

Jason_Parker
Contributor
Here is one that is working for me on a C5 Jason #radius set radius enable set radius server 1 10.58.196.5 1812 mysecret realm any set dot1x enable set eapol enable set eapol auth-mode auto ge.1.1 set eapol auth-mode forced-auth ge.1.24 #multiauth set multiauth port mode auth-opt ge.1.1 set multiauth port mode force-auth ge.1.1 set multiauth precedence dot1x mac pwa set multiauth mode multi #macauthentication set macauthentication password password set macauthentication port enable ge.1.1 set macauthentication enable

Jason, looking at your configuration I found what I didn't check on B3 switch configuration. it's the "multiauth" modality. On B3 series (But also A2, A4, N7 series) switch the "multiauth" mode is set by default as "strict", it means that only 802.1x is enabled and that's why no authentication message has forwarded from the switch. On the other hand, B5/C5 switch has set by default "multiauth" mode as "multi" (Both 802.1x and macauthentication enable), for that reason it works. Thank you a lot for your support best regards Claudio
GTM-P2G8KFN