dot1x & MAC auth using RADIUS with Router Code

  • 1
  • Question
  • Updated 3 months ago
Hi All,

We're implementing dot1x and MAC auth on 7150 stack (08.0.80) running router code (basic). We've configured dot1x and MAC auth to RADIUS just like we have successfully in our lab environment (7250 switch code) but it doesn't work. The RADIUS server never even gets a request but we have confirmed connectivity between the two. IP interface VE exists in the test VLAN and default route to the WAN. I have a feeling it has something to do with the fact we dont have a management VLAN specified, but as i understand it, when running router code, this is not an option? Quite new to ICX so still figuring things out. Any pointer appreciated.

Auth-mode multiple-untagged
  auth-default-vlan XXX
  restricted-vlan YYY
  auth-fail-action restricted-vlan
  auth-timeout-action failure
  dot1x enable
  dot1x enable ethe 3/1/1
  dot1x port-control auto ethe 3/1/1
  mac-authentication enable
  mac-authentication enable ethe 3/1/1
  mac-authentication password-format xx:xx:xx:xx:xx:xx

aaa authentication dot1x default radius

radius-server host WWW.XXX.YYY.ZZZ auth-port 1812 acct-port 1813 default key 2 $RSddJzVvYish dot1x mac-auth
Photo of Robert Lowe

Robert Lowe

  • 206 Posts
  • 47 Reply Likes

Posted 3 months ago

  • 1
Photo of William Hadley

William Hadley, Employee

  • 8 Posts
  • 4 Reply Likes
You can specify a VE or Interface to use.

ip radius source-interface x

Please refer to the Security guide section Source address configuration Radius


Photo of Robert Lowe

Robert Lowe

  • 206 Posts
  • 47 Reply Likes
Thanks William, this is exactly what i was looking for!