Hi,

> The way how it works is that (I figured it out by running debug on the switch
> and by using wireshark), if the supplicant device doesn’t support 802.1x, the
> switch (172.17.254.100) sends an access request to the freeradius server
> (172.17.1.1) with username and password both are the MAC address of the
> device!

correct - with the MAC in very plain format... i.e. all symbols stripped so it's just, as you wrote, "00a0080806bd" (rather than e.g. 00a0.0808.06bd or 00:a0:08:08:06:bd or 00-a0-08-08-06-bd)

by the way, depending on what IOS you've got, this will change - the new IOS - and this can be configured too on some previous versions - will send the password in the form of the MD5 of the MAC address!

> That brings my dilemma! I have like 200 devices like this. I don’t want to
> edit my users file with each of the MAC address as the UN/PW. Is there an
> easy way to write a script like thing to include all of them? The mac
> addresses are all start with “00:a0:08”. I want a logic like:

many ways to do this - you certainly don't need to play with the users file - you might want to e.g. put them into AD/LDAP or put them into SQL. in SQL you can set

User-Name      Attribute            Op   Value
00a0080806bd   Cleartext-Password   :=   00a0080806bd

if you KNOW that the addresses are valid, then you could scrape them... alternatively, set the fail/guest VLAN to be behind a captive portal box and then the users get to see a 'login page' and when they click login, you can grab their IP address and therefore their MAC address and then insert that into SQL.

just a quick idea... monday morning project.

alan
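The SQL approach described in the reply above, as an added example that is not part of the original message: it normalizes scraped MAC addresses to the bare format the switch sends, rejects anything malformed or outside the 00:a0:08 prefix, and inserts one `Cleartext-Password` row per device. It assumes the stock FreeRADIUS `radcheck` table layout; the function names, the in-memory SQLite stand-in and the sample MAC list are constructed for illustration.

```python
import re
import sqlite3

OUI = "00a008"  # from the thread: every device MAC starts with 00:a0:08

# The three punctuated layouts named in the reply, plus the bare form the switch sends.
MAC_RE = re.compile(
    r"[0-9a-f]{12}|[0-9a-f]{4}(\.[0-9a-f]{4}){2}"
    r"|[0-9a-f]{2}(:[0-9a-f]{2}){5}|[0-9a-f]{2}(-[0-9a-f]{2}){5}"
)

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if the input is not a MAC."""
    s = raw.strip().lower()
    return re.sub(r"[.:-]", "", s) if MAC_RE.fullmatch(s) else None

def load_mab_entries(conn, raw_macs, oui=OUI):
    """Add one radcheck row per new, valid MAC inside the OUI; return (added, rejected)."""
    added, rejected = [], []
    for raw in raw_macs:
        mac = normalize_mac(raw)
        if mac is None or not mac.startswith(oui):
            rejected.append(raw)  # malformed, or outside the expected vendor prefix
            continue
        seen = conn.execute(
            "SELECT 1 FROM radcheck WHERE username = ? AND attribute = 'Cleartext-Password'",
            (mac,),
        ).fetchone()
        if seen is None:  # skip duplicates so a re-run does not stack rows
            conn.execute(
                "INSERT INTO radcheck (username, attribute, op, value) "
                "VALUES (?, 'Cleartext-Password', ':=', ?)",
                (mac, mac),
            )
            added.append(mac)
    conn.commit()
    return added, rejected

def demo():
    conn = sqlite3.connect(":memory:")  # stand-in for the real FreeRADIUS SQL backend
    conn.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT, "
                 "attribute TEXT, op TEXT, value TEXT)")
    scraped = ["00:A0:08:08:06:BD", "00a0.0808.06be", "00-a0-08-08-06-bf",  # constructed
               "00a0080806bd", "00:11:22:33:44:55", "00:a0:08:zz:06:bd"]
    result = load_mab_entries(conn, scraped)
    return result, conn.execute("SELECT username, op, value FROM radcheck").fetchall()

if __name__ == "__main__":
    print(demo())
```

The rejected list is worth reviewing by hand before a production load, since each row inserted here admits that MAC to the network.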

