Configuring the RADIUS server to support MAC authentication
On the RADIUS server, configure the client device authentication in the same way that you would any other client, except:
- Configure the client device’s (hexadecimal) MAC address as both username and password. Be careful to configure the switch to use the same format that the RADIUS server uses. Otherwise, the server will deny access. The switch provides four format options:
aabbccddeeff (the default format)
aabbcc-ddeeff
aa-bb-cc-dd-ee-ff
aa:bb:cc:dd:ee:ff
AABBCCDDEEFF
AABBCC-DDEEFF
AA-BB-CC-DD-EE-FF
AA:BB:CC:DD:EE:FF
If the device is a switch or other VLAN capable device, use the base MAC address assigned to the device, and not the MAC address assigned to the VLAN through which the device communicates with the authenticator switch. The switch applies a single MAC address to all VLANs configured in the switch. Thus, for a given switch, the MAC address is the same for all VLANs configured on the switch. (See “Static Virtual LANs (VLANs)” in the advanced traffic management guide for your switch.)