jafrazie Wed, 07/23/2008 - 05:49

If you want to authenticate via the devices MAC address, then you need to disable 802.1X on the PC (which you have enabled for 802.1X with EAP-MD5 as the selected method).

Depends on what you need to achieve,

Hope this helps,

acharyr123 Wed, 07/23/2008 - 09:20

ok ok..i got ur point....please correct me the config steps:

1. Added switch as aaa client into acs

2. entered machine mac address into acs user-setup as both usename & password.

3. in 64,65 & 81 (in bother group & user setup) choosed 64=vlan; 65=802; 81=authenticated_vlan_id

4. in switch

aaa new-model

aaa authentication dot1x default group radius

radius-server host acs_ip auth-port 1645 acct-port 1646 key ****

dot1x system-auth-control

int fa0/1

switchport mode access

dot1x mac-auth-bypass

dot1x port-control auto

dot1x reauthentication

dot1x pae authenticator

dot1x guest-vlan 900

Note: Whenever i issue the command "port-control auto" the line protocol of the port goes down.

5. in end machine disable ieee 802.1x authentication.

I will try this setting tomorrow & update you accordingly.


This Discussion