>How could it be, when it passes the same information in both cases (the >only difference is the username/password)? Is it possible that the switch >interprets the reply differently for dot1x and mab authentication? >I know it's rather Cisco related issue than RADIUS, but maybe someone >experienced it before.
The switch has a list of authentication methods to try for each type of login. For example my config for 802.1x says: aaa authentication dot1x default group radius You'll also need: dot1x mac-auth-bypass configured on the interface itself. There's some info here http://www.symantec.com/connect/articles/snac-8021x-mac-authentication-bypass-mab-cisco-switch-and-ias It's about IAS unfortunately, but it explains the cisco bits. Plenty more on the Cisco site as well. Good luck, Leighton --- This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
