MAC authentication using RADIUS server for a wired network
I am looking for a solution for authenticating PCs based on MAC address in a wired network with a centralized RADIUS server. The documentation gives a procedure, which I followed, but it takes up to 8 minutes in a DHCP environment to authenticate. It seems Cisco does not support MAC auth directly. We have to enable 802.1X; the switch first checks for the 802.1X client, and once that times out, MAC authentication gets triggered. This timeout is causing the delay! If someone can help me on this, please.
Re: MAC authentication using RADIUS server for a wired network
The timeout values here are from 802.1X, and are the recommended values from the spec. Once the switch misses 3 initial Request-Identity frames in its attempt to look for a supplicant (all while the port is closed), the port is then opened up to learn a MAC (to authenticate it). During actual authentication, the port is closed back down, much like it was when 802.1X was "active".
If you want to time out on 802.1X more quickly, you can tweak the following values:
cat3750(config-if)#dot1x timeout tx-period ?
<1-65535> Enter a value between 1 and 65535
cat3750(config-if)#dot1x max-reauth-req ?
<0-10> Enter a value between 1 and 10
By default, max-reauth-req = 2, and tx-period = 30. But as you can see above, you can effectively configure a 2-sec timeout (as opposed to the default, which would be at least 90-sec).