Hi,
I just completed this very setup just last week. You can use dot1x with Mac Auth Bypass.
See here... http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/dot1x.html#wp1203853
My Config was as follows;
On the RADIUS server configure both the username and password as the PC/Laptop MAC address.
Also on the RADIUS server configure these options... i used Cisco ACS RADIUS Server.
?Tunnel-Type = VLAN
?Tunnel-Medium-Type = 802
?Tunnel-Private-Group-ID = (VLANNumber)
Now globally on the switch configure this;
!
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
dot1x system-auth-control
!
radius-server host 172.16.0.1 auth-port 1645 acct-port 1646 key cisco
radius-server source-ports 1645-1646
radius-server deadtime 1
!
And on the interfaces configure this;
!
interface FastEthernet 0/1
switchport mode access
switchport nonegotiate
dot1x mac-auth-bypass
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 2
dot1x timeout tx-period 2
dot1x max-reauth-req 1
spanning-tree portfast
!
Yoy may notice that i have changed the dot1x timeouts. My reason was that dot1x was taking too long to authorize the MAC address and then bring up the port (about 40 -60 seconds) (I am open to correction on this as i was only testing it last week :) ).
By reducing the dot1x timeouts the MAC was authorised and the port was brought up quicker.
I hope this helps
Please rate if it does.
Regards
Stephen
==========================
http://www.rconfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
