Cisco Support Community

New Member

MAC authentication using radius server for a wired network

I am looking for a solution for authenticating PCs based on MAC address in a wired network with a centralized RADIUS server. The documentation gives a procedure, which I followed, but it takes up to 8 minutes in a DHCP environment to authenticate. It seems Cisco does not support MAC auth directly. We have to enable 802.1X, and the switch first checks for the 802.1X client; once it times out, MAC authentication gets triggered. This timeout is causing the delay! If someone can help me with this, please.

1 REPLY
Cisco Employee

Re: MAC authentication using radius server for a wired network

The timeout values here are from 802.1X, and are the recommended values from the spec. Once the switch misses 3 initial Request-Identity frames in its attempt to look for a supplicant (all while the port is closed) the port is then opened up to learn a MAC (to authenticate it). During actual authentication, the port is closed back down, much like it was when 802.1X was "active".

If you want to time out on 802.1X more quickly, you can tweak the following values:

cat3750(config-if)#dot1x timeout tx-period ?

<1-65535> Enter a value between 1 and 65535

cat3750(config-if)#dot1x max-reauth-req ?

<0-10> Enter a value between 1 and 10

By default, max-reauth-req = 2, and tx-period = 30. But as you can see above, you can effectively configure a 2-sec timeout (as opposed to the default, which would be at least 90-sec).

Hope this helps,
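
Added example, not part of the original thread and not Cisco code: a small Python audit that applies the timing described in the reply (one initial Request-Identity frame plus max-reauth-req retransmissions, tx-period seconds apart) to interface configuration and reports how long each 802.1X port waits for a supplicant before MAC authentication can start. The sample configuration and interface names are constructed, and `dot1x port-control auto` is assumed to mark the 802.1X ports.

```python
import re

DEFAULT_TX_PERIOD = 30       # seconds, default quoted in the reply
DEFAULT_MAX_REAUTH_REQ = 2   # default quoted in the reply

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 dot1x port-control auto
 dot1x timeout tx-period 1
 dot1x max-reauth-req 1
interface GigabitEthernet1/0/2
 dot1x port-control auto
interface GigabitEthernet1/0/3
 dot1x port-control auto
 dot1x timeout tx-period 10
interface GigabitEthernet1/0/4
 switchport mode access
"""

SETTING = re.compile(r"^\s+dot1x (timeout tx-period|max-reauth-req) (\d+)\s*$")


def fallback_delays(config_text):
    """Map each 802.1X port to the seconds it waits for a supplicant."""
    ports, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], {})
        elif not line.startswith(" "):
            current = None               # left the interface block
        elif current is not None:
            m = SETTING.match(line)
            if line.strip() == "dot1x port-control auto":
                current["dot1x"] = True
            elif m:
                current[m.group(1)] = int(m.group(2))
    delays = {}
    for name, p in ports.items():
        if p.get("dot1x"):
            tx = p.get("timeout tx-period", DEFAULT_TX_PERIOD)
            retries = p.get("max-reauth-req", DEFAULT_MAX_REAUTH_REQ)
            # One initial Request-Identity plus `retries` retransmissions.
            delays[name] = (retries + 1) * tx
    return delays


def slow_ports(config_text, limit_seconds):
    """Sorted 802.1X ports whose delay exceeds the caller's time budget."""
    return sorted(n for n, d in fallback_delays(config_text).items() if d > limit_seconds)
```

Run against a saved configuration, `slow_ports(text, limit)` lists the ports still on long timers; the limit is whatever the DHCP clients on that network tolerate.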
