This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EOS NAC: What happen (in this config) when the RADIUS/NetSight Server (for MAC Auth Only) is not reachable?

EOS NAC: What happen (in this config) when the RADIUS/NetSight Server (for MAC Auth Only) is not reachable?

SchmuFoo
Contributor

‎08-30-2018 11:02 AM

Hello Community,

I'm looking for details if Clients connected to "auth-reg" Ports will still have connectivity, If the Radius/NetSight Server is offline?

set multiauth mode multi
set multiauth precedence mac quarantine-agent dot1x pwa cep radius-snooping auto-tracking
set multiauth port mode force-auth ge.1.1
set multiauth port mode force-auth ge.1.2
set multiauth port mode auth-reqd ge.1.3
set multiauth port mode force-auth ge.1.4
set multiauth port mode auth-reqd ge.1.5
[..]

Thanks,

Jan
0 Kudos
6 REPLIES 6

Zdeněk_Pala
Extreme Employee

‎08-31-2018 10:39 AM

Force-auth = the port is authorized no authentication will happen
Auth-req = no traffic will pass until accept is received

the third option is authentication optional (auto) = if the auth is not successful then the default port config is used (vlan, default policy, QoS...)

You can have more radius servers = to accomplish HA
Regards Zdeněk Pala
0 Kudos

SchmuFoo
Contributor

‎08-30-2018 11:04 AM

BTW, with regards to auth-reqd VS. force-auth:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-disable-authentication-on-a-port-to...

0 Kudos
GTM-P2G8KFN