dot1x port authentication based on MAC?

Unanswered Question
Nov 12th, 2009

Is it possible to use dot1x to enable/shutdown a port based on the MAC address of the connected device?


The situation is that port-security is not really an option. I must retain some flexibility in where computers end up physically in the network. With that in mind, I cannot statically assign a MAC to a switchport (port-security).


I would like to be able to specify a MAC address whitelist that dot1x could use to authenticate a device.


I was reading the 3750 dot1x config guide which suggests that "MAC Authentication Bypass" might be what I am looking for.


Any advice is appreciated.

VLA_WeyBridge_2 Fri, 11/20/2009 - 04:10

Well yes you could do it this way.


Using MAC bypass will use the MAC address as the username and password for the dot1x authentication process.


So then it's a case of setting up your RADIUS, TACACS+ or whatever other authentication you are using to deal with this.


In the case of AD integration you can simply create a user name with the MAC address as username and password.


Once you have your username set up (with whatever system is doing the authentication) you can then open/shut the port as you wish.


Does that help?
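
An added example, not part of the reply above or of any vendor tooling: because MAB presents the MAC address as both username and password, a MAC whitelist can be converted into RADIUS user entries by a small script. It assumes the switch sends the MAC as 12 lowercase hex digits without separators and that the RADIUS server is FreeRADIUS reading a `users` file; the sample addresses are constructed.

```python
import re

_HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    # Accepts 00:11:22:AA:BB:CC, 00-11-22-aa-bb-cc, 0011.22aa.bbcc, 001122AABBCC
    digits = re.sub(r"[.:\-\s]", "", raw.strip().lower())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    # The low bit of the first octet marks multicast/broadcast, never a real host
    if int(digits[:2], 16) & 1:
        raise ValueError(f"multicast/broadcast address: {raw!r}")
    return digits

def build_users(whitelist_lines):
    """Turn '<mac> [# comment]' lines into (users_entries, rejected)."""
    entries, rejected, seen = [], [], set()
    for lineno, line in enumerate(whitelist_lines, 1):
        text = line.split("#", 1)[0].strip()
        if not text:
            continue
        try:
            mac = normalize_mac(text)
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        if mac in seen:          # same device written in two notations
            continue
        seen.add(mac)
        # Assumed FreeRADIUS users-file syntax: username and password are both the MAC
        entries.append(f'{mac} Cleartext-Password := "{mac}"')
    return entries, rejected

# Constructed sample whitelist (not real devices)
SAMPLE = [
    "00:11:22:AA:BB:CC   # lab PC",
    "0011.22aa.bbcc      # same PC, dotted notation",
    "00-1B-44-11-3A-B7   # printer",
    "ff:ff:ff:ff:ff:ff   # broadcast, rejected",
    "00:11:22:AA:BB      # too short, rejected",
]

if __name__ == "__main__":
    users, bad = build_users(SAMPLE)
    print("\n".join(users))
    for lineno, reason in bad:
        print(f"# skipped line {lineno}: {reason}")
```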
