Comware

  • 1.  Mac-based authentication

    Posted Mar 19, 2007 07:34 AM
    I am trying to set up MAC-based authentication on a ProCurve 2626, authenticating to a Steel-Belted Radius server. However, I fail to get authenticated. I have created a user on the RADIUS box with a username on <mymacaddress> multi-dash, username <MYMACADDRESS> multi-dash.

    Can anyone point me in the right direction?

    Thanks

    I have the following config on my switch

    /sw/code/build/fish(ts_08_5)
    May 5 2006 12:22:57
    H.08.98
    268

    Config

    exit
    radius-server host 172.16.2.14 key secretKey
    aaa port-access mac-based 1-4
    aaa port-access mac-based addr-format multi-dash
    password manager

    I have the EAP method set as MD5 challenge on the RADIUS box.


  • 2.  RE: Mac-based authentication

    Posted Mar 19, 2007 11:04 PM
    Hi,
    Maybe you want to add

    aaa authentication port-access eap-radius

    I got mine working using IAS.


  • 3.  RE: Mac-based authentication

    Posted Mar 19, 2007 11:56 PM
    I added aaa authentication port-access eap-radius, still no luck. I know I am missing something very simple.


  • 4.  RE: Mac-based authentication

    Posted Mar 20, 2007 12:01 AM
    I get as far as the RADIUS box, however the RADIUS server and the switch log me as a failed authentication.

    I have upgraded the code to version 10.31, made no difference.


  • 5.  RE: Mac-based authentication

    Posted Mar 20, 2007 06:44 AM
    Hi

    I suggest you have a look on the Funk event log screen after any unsuccessful login, and try to trace it.

    Good Luck !!!


  • 6.  RE: Mac-based authentication

    Posted Mar 21, 2007 03:36 AM
    Gave up on Steel belted radius went back to IAS

    Added user to the domain Mac-address username and password
    Made a member of groups <Domain user> and <RAS and IAS servers>

    Dial in allow access

    Account Password settings ; user cannot change password, never expires, store using reversible ( this can take time to replicate, you also need to reset the password if you have just ticked the box as the password is not changed automatically)

    IAS

    Policy properties : add your windows group I used domain users

    Edit profile

    Authentication : encrypted authentication (chap)

    Advanced :

    I added

    framed-protocol PPP
    service-type framed
    tunnel-medium-type 802
    You can put your VLAN info in here too

    IASparse tool kool for looking at the log files

    I am up and running thanks for the help

    I found the following Doc very useful
    http://www.foundrynet.com/pdf/wp-deploying-mac-with-ias.pdf

    switch config

    aaa accounting network radius
    radius-server host 172.28.9.69 key *****
    aaa port-access mac-based 1-4
    aaa port-access mac-based addr-format multi-dash
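The following is an added example, not code from any poster in this thread. It models why the account spelling and the CHAP setting discussed above decide the outcome: the switch submits the MAC, rendered per `addr-format`, as both username and password. The function names, the sample MAC, the exact-match account lookup and the lowercase rendering are assumptions; the format names other than `multi-dash` are ProCurve options that do not appear in the thread.

```python
import hashlib
import hmac
import re

def format_mac(mac: str, addr_format: str = "multi-dash") -> str:
    """Render a MAC as the string the switch submits as username and password."""
    digits = re.sub(r"[-:.]", "", mac).lower()  # lowercase output is an assumption
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    pairs = [digits[i:i + 2] for i in range(0, 12, 2)]
    formats = {
        "no-delimiter": digits,
        "single-dash": digits[:6] + "-" + digits[6:],
        "multi-dash": "-".join(pairs),
        "multi-colon": ":".join(pairs),
    }
    return formats[addr_format]  # KeyError for an unknown format name

def chap_response(chap_id: int, password: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()

def server_accepts(accounts: dict, username: str, chap_id: int,
                   challenge: bytes, response: bytes) -> bool:
    """The server recomputes the digest from its stored cleartext password,
    which is why the account needs reversibly stored credentials for CHAP."""
    stored = accounts.get(username)
    if stored is None:
        return False  # no account under this exact spelling of the MAC
    return hmac.compare_digest(chap_response(chap_id, stored, challenge), response)

def mac_auth(accounts: dict, client_mac: str, addr_format: str = "multi-dash") -> bool:
    """Simulate one MAC-auth attempt: the switch uses the formatted MAC twice."""
    cred = format_mac(client_mac, addr_format)
    chap_id, challenge = 1, bytes(range(16))  # constructed CHAP values
    return server_accepts(accounts, cred, chap_id, challenge,
                          chap_response(chap_id, cred, challenge))

if __name__ == "__main__":
    mac = "00:1A:2B:3C:4D:5E"  # constructed sample address
    good = {"00-1a-2b-3c-4d-5e": "00-1a-2b-3c-4d-5e"}
    upper = {"00-1A-2B-3C-4D-5E": "00-1A-2B-3C-4D-5E"}
    bad_pw = {"00-1a-2b-3c-4d-5e": "001a2b3c4d5e"}
    for label, accounts in [("matching account", good), ("uppercase account", upper),
                            ("right name, wrong password format", bad_pw)]:
        print(f"{label}: {'Accept' if mac_auth(accounts, mac) else 'Reject'}")
```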