Configuring the RADIUS server to support MAC authentication
See also Configuring the switch to access a RADIUS server.
On the RADIUS server, configure the client device authentication in the same way that you would any other client, except:
-
Configure the client device’s (hexadecimal) MAC address as both user name and password. Be careful to configure the switch to use the same format that the RADIUS server uses. Otherwise, the server denies access. The switch provides four format options:
-
aabbccddeeff (the default format)
-
aabbcc-ddeeff
-
aa-bb-cc-dd-ee-ff
-
aa:bb:cc:dd:ee:ff
-
AABBCCDDEEFF
-
AABBCC-DDEEFF
-
AA-BB-CC-DD-EE-FF
-
AA:BB:CC:DD:EE:FF
-
-
If the device is a switch or other VLAN capable device, use the base MAC address assigned to the device, and not the MAC address assigned to the VLAN through which the device communicates with the authenticator switch. The switch applies a single MAC address to all VLANs configured in the switch. Thus, for a given switch, the MAC address is the same for all VLANs configured on the switch. (See “Static Virtual LANs (VLANs)” in the advanced traffic management guide for your switch.)