Skip to main content
peer_joachim_koch's profile

Thu, Feb 22, 2018 8:07 AM

Mac based VLAN - Howto convert config ?

we are using MAC based vlan for a long time. We have a running config for FCX running 7.X code. Starting with 8.0.20(30) the syntax of the configuration has changed.
Currently I have no success to get it up and working.
We are using a radius server to deploy information about a pair of MAC address and vlan. The switch is putting this MAC into the vlan.
On a new switch running 8.0.70 we see only the error message:"Feb 21 16:27:55:N:MAC Authentication RADIUS timeout for ....", but
show radius servers 
Server                Type      Opens     Closes   Timeouts   Status 
X.X.X.X                any          0          0          0   active
Auth Servers: available
Acct Servers: available

In the beginning I also tried then test command (802.1x test for radius) which worked.
So no idea, why mac-auth is not speaking to the radius ...


20 Messages


290 Points

3 years ago

Below is the configuration I use for MAC-Auth on ICX 8.X code. If this does not get you working, post your config and whaqt type of Radius you are using and we can go from there.

aaa authentication dot1x default radius
radius-server host X.X.X.X auth-port 1812 acct-port 1813 default key xxxxxxxx dot1x
vlan 2 name auth-default-vlan
vlan 666 name restricted_VLAN
auth-default-vlan 2
restricted-vlan 666
auth-fail-action restricted-vlan
mac-authentication enable
mac-authentication enable ethernet 1/1/14 to 1/1/15