Do you have authentication set with disgard? If you don't set it for disgard and it fails you will get your default role for that port. If your default role is not set or locked down they will have full access even if they do not authenticate. On Mar 21, 2013 4:04 PM, "Dwayne Vidi" <[email protected]> wrote:
> Use the dash when creating 8021X users which are actually the computers. > Also if you are doing mac set the pwd on the switch for mac users and make > sure it matches what you are putting in your radius auth backend (Active > Directory ? etc). PAP has to be selected on radius server policy for this > type of access. > > -Dwayne > > -----Original Message----- > From: Adam Rainer [mailto:[email protected]] > Sent: Wednesday, March 20, 2013 3:12 AM > To: Enterasys Customer Mailing List > Subject: AW: [enterasys] A4 mac authentication problem > > HI > > Had you set the multiauthentication on the client port to "auth-required"? > So in any other case your client MAY be authenticated. > > > > > Mit freundlichen Grüßen / Best regards > > Rainer ADAM > System Engineer > > > Imtech ICT Austria GmbH > Guglgasse 15 > Bauteil 3, 4. Stock > A-1110 Wien > > T: +43 51715 4830 > F: +43 51715 99 4830 > M: +43 664 851 4830 > [email protected] > > > > Imtech ICT Austria GmbH > Infrastructure Services > > www.imtech-ict.at > > > -----Ursprüngliche Nachricht----- > Von: king1195 [mailto:[email protected]] > Gesendet: Dienstag, 19. März 2013 22:34 > An: Enterasys Customer Mailing List > Betreff: [enterasys] A4 mac authentication problem > > Now I do mac authentication on A4: if client mac is valid,A4 allow it to > access the network. If not, A4 deny it.My working: > 1.Set this port to vlan X and untag for it. I need not dynamical vlan for > get a vlan id from radius. > 2.Enable mac authentication globally and enable on port. > 3.Enable multi authentication globally and set the port connected radius > server to forced-auth 4.Enable radius and set radius server ip and secret > key. > Now I find the client can access the network even though this client mac > authentication is failed. Show macauthen port is enable.But show macauthen > session is null. It is look like the mac authentication is not working. > But radius server logs show the client has done authentication and failed. > Why? > I have another two questions: > 1.If I only do mac authen not do 802.1x authen, must I enable dot1x and > EAP? > 2.What is the format of MAC in radius server defined for userid? Is it > 1234ABCD? 12-34-AB-CD? 12:34:AB:CD? or others? > --- > To unsubscribe from enterasys, send email to [email protected] with the > body: unsubscribe enterasys [email protected] > > --- > To unsubscribe from enterasys, send email to [email protected] with the > body: unsubscribe enterasys [email protected] > > ________________________________ > > > Documents made or received by anyone acting for or on behalf of the UF > Foundation are confidential and exempt from F.S. 119.07(1) pursuant to F.S. > 1004.28(5) and in accordance with the UF Foundation policy on > confidentiality of Foundation documents. The University of Florida > Foundation solicits tax deductible private contributions for the benefit of > the University of Florida. For our full disclosure statement, please see > http://www.uff.ufl.edu/Documents/Document.asp?DocID=1751164. > > --- > To unsubscribe from enterasys, send email to [email protected] with the > body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
