Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypass)

Hi,

the 300 series administation guide states on page 287:

The authentication methods can be:

The authentication methods can be:

* 802.1x

   [...]

* MAC-based—The switch can be configured to use this mode to

authenticate and authorized devices that do not support 802.1x. The switch

emulates the supplicant role on behalf of the non 802.1x capable devices,

and uses the MAC address of the devices as the username and password

when communicating with the RADIUS servers. MAC addresses for

username and password must be entered in lower case and with no

delimiting characters (for example: aaccbb55ccff).

So this is just what we know as mac auth bypass in IOS terms.

However the implementation is not quite the same:

Here a mab request from a IOS device as seen by freeradius:

rad_recv: Access-Request packet from host 192.168.0.1 port 1645, id=35, length=160

        User-Name = "001c25a2104c"

        User-Password = "001c25a2104c"

        Service-Type = Call-Check

        Framed-MTU = 1500

        Called-Station-Id = "8C-B6-4F-1A-C4-05"

        Calling-Station-Id = "00-1C-25-A2-10-4C"

        Message-Authenticator = 0x81a4802ccb11e5da3d1f0b78c1c04db1

        NAS-Port-Type = Ethernet

        NAS-Port = 50005

        NAS-Port-Id = "GigabitEthernet0/5"

        NAS-IP-Address = 192.168.0.1

And now the same request with a sg300-10 device (latest firmware):

rad_recv: Access-Request packet from host 192.168.0.2 port 49181, id=0, length=108
        NAS-IP-Address = 192.168.0.2
        NAS-Port-Type = Ethernet
        NAS-Port = 56
        User-Name = "001c25a2104c"
        Calling-Station-Id = "00-1C-25-A2-10-4C"
        EAP-Message = 0x0200001101303031633235613231303363
        Message-Authenticator = 0x7e5e378a5324111080b1c0ff7d6a9add

192.168.0.1

The device does not send the User-Password = mac-address - why? It says so in the admin guide (see quote above)?

Everyone's tags (5)
18 REPLIES
New Member

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

Dear Cisco,

I figured out on my own that the password is transmitted as md5 hash when doing the eap challenge/response stuff.

That makes no sense, as MAB is unsecure by design, so I just compare User-Name and Calling-Station-Id and send

Sending Access-Accept of id 0 to 192.168.0.2 port 49181

        Tunnel-Type:0 = VLAN

        Tunnel-Medium-Type:0 = IEEE-802

        Tunnel-Private-Group-Id:0 = "9"

via freeradius, however the switch logs:

22-Nov-2011 20:42:16 %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:1c:25:a2:10:4c was rejected on port gi7 because Radius accept message does not contain VLAN ID

What the heII?!

Note: it works perfectly well when processing normal 802.1x requests.

I can only imagine that the switch wants the answer in a nice eap envelope.

However, before I waste more time on this I want a clear statement from the cisco guys.

Bonus would be if you can give an example of how MAB is meant to work on sg300 devices

with freeradius. And I do not mean the easy way via users file ...

Thanks!

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

Hi jan

Here is my MAC based authentication configuration below for interface Gigabit 1, give it a try and see how it goes.  I was waiting for someone else to answer your query for the following reason.

I am using a NSS324 NAS unit with Radius server add-on module  for Radius authentication, which will not authenticate the incoming MAC based requests so I will always fail any mac based requests coming in, as you can see from my radius log that follows;

.

2011-11-2517:07:09000e7f74bd48192.168.10.22---RADIUS---Auth Fail
2011-11-2517:06:09000e7f74bd48192.168.10.22---RADIUS---Auth Fail

(My NAS supports PAP, EAP-TLS/PAP, and EAP-TTLS/PAP authentication schemes for system user accounts.)

However, the switch is configured to push the unauthorized MAC address client into vlan100.

So that's what I did to validate MAC based authentication was progressing by checking the;

  • IP network the PC eventually was dumped into. the PC was allocated a IP address in VLAN100..
  • see and  capture if the Radius exchange between server and switch via  wireshark.
  • check the switch vlan configuration as seen below to see which vlan the port was placed in..

As you can see from the screen captures below, the switch added Gi1 to vlan100 as a results of failed authetication attempt..That's whay I expected.

switch0fdcfd#show vlan

Vlan       Name                   Ports                Type     Authorization

---- ----------------- --------------------------- ------------ -------------

1           1                gi2-10,Po1-8           Default      Required

100         100                 gi1,gi10            permanent       Guest

switch0fdcfd#sh system

System Description:                       10-port Gigabit PoE Managed Switch

System Up Time (days,hour:min:sec):       00,02:32:55

System Contact:

System Name:                              switch0fdcfd

System Location:

System MAC Address:                       68:bd:ab:0f:dc:fd

System Object ID:                         1.3.6.1.4.1.9.6.1.83.10.2

switch0fdcfd#show version

SW version    1.1.1.8 ( date  30-Aug-2011 time  10:46:34 )

Boot version    1.0.0.4 ( date  08-Apr-2010 time  16:37:57 )

HW version    V30


switch0fdcfd#show run

interface  gi10

spanning-tree link-type point-to-point

exit


interface  gi1

dot1x host-mode multi-sessions

exit


vlan database

vlan 100

exit


interface vlan 100

dot1x guest-vlan

exit


voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________


dot1x system-auth-control

interface  gi1

dot1x reauthentication

exit

interface  gi1

dot1x mac-authentication mac-only

exit

interface gi1

dot1x guest-vlan enable

exit

interface gigabitethernet1

dot1x port-control auto

exit


interface vlan 1

ip address 192.168.10.22 255.255.255.0

exit

ip default-gateway 192.168.10.1

interface vlan 1

no ip address dhcp

exit

hostname switch0fdcfd


radius-server host 192.168.10.61 key 123456789 priority 2


radius-server key 123456789


aaa authentication dot1x default radius


no snmp-server server

ip domain name fred.com

ip name-server  209.18.47.61 209.18.47.62

ip telnet server

interface gigabitethernet10

macro description "switch | no_switch | switch"

exit

interface gigabitethernet10

!next command is internal.

macro auto smartport dynamic_type switch

switchport trunk allowed vlan add 100

exit

switch0fdcfd#


If setup correctly,  MAC based authentication works, so i have been told many times.

This obviously necessitates setting up the AAA server correctly, which i could not do

If you wish to progress your query further, please open a case with your distribution partner or  the good folk at the Small Business Support Center (SBSC).

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

regards Dave


New Member

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

Thanks David,

David Hornstein wrote:

If setup correctly,  MAC based authentication works, so i have been told many times.

This obviously necessitates setting up the AAA server correctly, which i could not do

please understand that this is not what I expected as a qualified solution.

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

Hi,

Sorry,  I responded to your query  because no one did, but, if you question if the switch MAC based authetication works, then open a case with  the good folk at SBSC and work with them to resolve your query.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Sorry, gave the application a try, just do not have a full Radius server in my lab.  :-(

regards Dave. 

New Member

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

Hey, no problem I really appreciate your answer. Im now chatting with Borislav Atanassov, however he just told me that my Serialnumber is not under warranty. Very strange as the device specs say lifetime warranty...

New Member

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

Greetings Mr. Zacharias,

Today Boby and I configured this on our lab and this is our findings

we have a PC connected to port Gi1 without any 1x configuration

with the following switch config

switch3ba5e1#show run

vlan database

vlan 100

exit

interface vlan 100

dot1x guest-vlan

exit

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

dot1x system-auth-control

interface  gi1

dot1x reauthentication

exit

interface  gi1

dot1x mac-authentication mac-only

exit

interface gi1

dot1x guest-vlan enable

exit

interface gigabitethernet1

dot1x port-control auto

exit

interface vlan 1

ip address 192.168.1.254 255.255.255.0

exit

interface vlan 1

no ip address dhcp

exit

hostname switch3ba5e1

radius-server host 192.168.1.222 priority 1

radius-server key testing123

aaa authentication dot1x default radius

no snmp-server server

the only difference between Mr. Hornstein  and ours is that he is  running 1.1.1.8 and we are running 1.1.2.0

and we see  the following on FreeRadius when the PC connect to port gi1

og expands to ../var/log/radius/radacct/192.168.1.254/reply-detail-20111202.log

  modcall[post-auth]: module "reply_log" returns ok for request 1

modcall: leaving group post-auth (returns ok) for request 1

Sending Access-Accept of id 0 to 192.168.1.254 port 49181

        Tunnel-Type:0 = VLAN

        Tunnel-Medium-Type:0 = IEEE-802

        Tunnel-Private-Group-Id:0 = "1"

        Reply-Message = "Hello, c42c030e3ec7"

        EAP-Message = 0x03010004

        Message-Authenticator = 0x00000000000000000000000000000000

        User-Name = "c42c030e3ec7"

Finished request 1

Going to the next request

Waking up in 6 seconds...

this is on the switch Side

this is our users.conf on the FreeRadius:

#################################################################################

c42c030e3ec7 User-Password == "c42c030e3ec7"

         Tunnel-Type:0 = "VLAN",

         Tunnel-Medium-Type:0 = "IEEE-802",

         Tunnel-Private-Group-Id:0 = "1",

         Reply-Message = "Hello, %u"

Kindly share with us know your radius configuration, what firmware version you are running,  a diagram of your topology, and your Switch configs

Thank you

Victor Cappuccio

Cisco Small Business Support

www.cisco.com/go/smallbizhelp

New Member

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

Hi Jan,

for me the Mac-Auth is working on SG300 firmware image 1.1.2.0.

When enabling this on the switch the switch send the MAC as "username" and as "password" in this format: "001122aabbcc". So for freeradius it is seen as a real 802.1X authentication type.

The CISCO isn't able to send just the calling-station-id (MAC) to freeradius like it is described here:

http://wiki.freeradius.org/Mac-Auth#Plain+Mac-Auth

My users file looks like this:

===========

"000039e296ea" Cleartext-Password := "000039e296ea"

    Tunnel-Type = VLAN,

    Tunnel-Medium-Type = IEEE-802,

    Tunnel-Private-Group-ID = "10"

===========

Alexander Wilke

New Member

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypas

Hi Alexander,

Could you solve this problem, or you still have troubles with MAC based authentication and VLAN assignment? Because I have a working MAC-only based authentication here, I can send you the running configuration, and also the freeradius configuration for that.

Best regards,

Geza

New Member

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypas

Hi Geza,

I did not have any problems with that. I just want to say that it is working in my configuration. :-)

Not sure if the thread starter "jan.zacharias@dfki.de" could solve the problem.

Alexander

New Member

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypas

Hi Alexander and Jan,

I am sorry, I did not check that. But if Jan needs help with this, then of course my offer is valid for him too...

Best regards,

Geza

New Member

I'm currently in contact with

I'm currently in contact with Cisco because of exactly this issue.

Did someone make progress beyond what was reported here?

New Member

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypas

Sorry to revive a dead thread, but I am running into this same issue.  It seems there is no way to configure this switch to perform only mac-based authentication.  I was not able to find any way to change the behavior from sending the EAP messages to just sending the mac as username and password.

I am using freeradius but an implementation in another device that doesn't really allow me to change its configuration much.  It is expecting fields 1 and 2 to be the MAC address for the username and password, and results in stating the EAP type doesn't match.

Login incorrect: [f0def1fb5f1d] (from client 192.168.5.100/32 port 1 cli F0-DE-F1-FB-5F-1D)
[eap] Response appears to match, but EAP type is wrong.
# Executing group from file /usr/local/etc/raddb/radiusd.conf
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair EAP-Type = MD5-Challenge
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair NAS-IP-Address = 192.168.5.100
rlm_perl: Added pair EAP-Message = 0x0201002204103c7ae7659aae20833d873898e4dd1906663064656631666235663164
rlm_perl: Added pair User-Name = f0def1fb5f1d
rlm_perl: Added pair Message-Authenticator = 0x36bcd0966db5687cb7b20046dd9fcaf8
rlm_perl: Added pair State = 0x8e4e0f878e4f16419e6e1a8485d4a92d
rlm_perl: Added pair Calling-Station-Id = F0-DE-F1-FB-5F-1D
rlm_perl: Added pair NAS-Port-Type = Ethernet
2013/04/26 17:49:30 freeradius_hook[4627] INFO> main::authorize - performing authorize
[<thread>] # Executing section authorize from file /usr/local/etc/raddb/radiusd.conf

did anyone else have any luck?  Cisco Small Business team couldn't find a resolution either and just said it can't be done. 

New Member

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypas

Hi Lannar,

you are actually the first person that understands the problem...

I think this will not be fixed as the linksys stuff is not maintained by cisco anymore.

Best luck patching your freeradius daemon.

New Member

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypas

It was my understanding that these small business switches are separate from the linksys product line, and as such are going to be continued to be developed/supported..  hopefully anyway..  its a relatively good product at a good price point, and I'd love to continue using them for our clients.  The lack of full-blown iOS is frustrating however.  the relevant command in a normal cisco device (mab) simply doesn't exist in this switch.

I spoke with the developer of my freedadius implementation, and it will cost me 5 days of R+D at $2000/day.  Guess its time for me to move to a different switch.

Green

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypas

Hi, to help reduce some confusion, the Cisco small business products are not "Linksys" any longer. Essentially "Cisco home" has been sold off.

The "Legacy Linksys" such as RV042 or WAP4410N and products of the like were rebranded Cisco and will continue to fall under Cisco support as Cisco small business products. The SX300 were never Linksys, they are simply direct Linksys replacement of the old SRW models.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
New Member

sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-bypas

Hi,

I had to solve the same problem yesterday. I have to use Microsoft AD and IAS. You have to make a VLAN to the guest-vlan and enable that on the interfaces, that use MAB. My config:

global:

dot1x system-auth-control

encrypted radius-server host x.x.x.x key 1234

aaa authentication dot1x default radius

interface vlan 1

  dot1x guest-vlan

on interface:

dot1x guest-vlan enable

dot1x reauthentication

dot1x mac-authentication mac-only

dot1x port-control auto

switchport mode access

Hope that helps.


New Member

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

Hi Heiko,

I have tried your config but am still not able to get it working how I want.  My goal is to use mac-auth-bypass to enable Per User VLANs.  The readius server accepts all MAC addresses, and assigns a VLAN from a pool.  From your post, and from my experience with this switch, it seems like you have to specify one VLAN as the guest VLAN.  This doesn't make sense to me...  what is the point, if you can only assign one VLAN.  Why not just make it an access port configured for that VLAN?  It does not allow me to run the "dot1x guest-vlan" command on a range of VLANs, and I can only choose one from the drop down in the GUI.

In any case, I still haven't been able to get it working how I want, even to assign the guest VLAN.

my config:

switch155cc4#show run

dot1x guest-vlan timeout 180

vlan database

vlan 1500-1509

exit

interface vlan 1500

dot1x guest-vlan

exit

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

dot1x system-auth-control

interface  gi1

dot1x reauthentication

exit

interface  gi1

dot1x mac-authentication mac-only

exit

interface gi1

dot1x guest-vlan enable

exit

interface gigabitethernet1

dot1x port-control auto

exit

interface gigabitethernet1

switchport mode access

exit

interface vlan 1

ip address 192.168.10.5 255.255.255.0

exit

interface vlan 1

no ip address dhcp

exit

hostname switch155cc4

radius-server host 192.168.10.1 key 1234567890

aaa authentication dot1x default radius

When I connect to port gi1, my radius server logs:

Login incorrect: [f0def1fb5f1d] (from client 192.168.10.5/32 port 49 cli F0-DE-F1-FB-5F-1D)

[eap] Response appears to match, but EAP type is wrong.

# Executing group from file /usr/local/etc/raddb/radiusd.conf

rlm_perl: Added pair Auth-Type = EAP

rlm_perl: Added pair EAP-Type = MD5-Challenge

rlm_perl: Added pair NAS-Port = 49

rlm_perl: Added pair NAS-IP-Address = 192.168.10.5

rlm_perl: Added pair EAP-Message = 0x0201002204103c7ae7659aae20833d873898e4dd1906663064656631666235663164

rlm_perl: Added pair User-Name = f0def1fb5f1d

rlm_perl: Added pair Message-Authenticator = 0x4aa24abc4b96780b6c44d7f87ca86f6c

rlm_perl: Added pair State = 0xdf6e7975df6f609b2d0f626aa7a9d2f1

rlm_perl: Added pair Calling-Station-Id = F0-DE-F1-FB-5F-1D

rlm_perl: Added pair NAS-Port-Type = Ethernet

2013/07/01 09:48:56 freeradius_hook[51816] INFO> main::authorize - performing authorize

The switch console shows:

15-Nov-2011 21:47:43 %SEC-W-SUPPLICANTUNAUTHORIZED: MAC f0:de:f1:fb:5f:1d was rejected on port gi1 due to wrong user name or password in Radius server

I can't have a users file with the MAC addresses pre-defined, this is intended to be used in an environment where I don't know what devices will connect.

PS - Here is a radius log coming from a ruckus zonedirector performing mac authentication, which works perfectly:

Login OK: [8c705a8d9410] (from client 192.168.5.3/32 port 0 cli 8C-70-5A-8D-94-10)

rlm_perl: Added pair Auth-Type = PERL

rlm_perl: ERROR: Failed to create pair Tunnel-Medium-Type = IEEE-802

rlm_perl: Added pair Tunnel-Type = VLAN

rlm_perl: Added pair Class = all macs for radius auth

rlm_perl: Added pair Tunnel-Private-Group-ID = 1500

rlm_perl: Added pair NAS-IP-Address = 192.168.5.3

rlm_perl: Added pair NAS-Identifier = 58-93-96-9B-2A-7C

rlm_perl: Added pair User-Password = 8c705a8d9410

rlm_perl: Added pair User-Name = 8c705a8d9410

rlm_perl: Added pair Vendor-25053-Attr-3 = 0x74657374

rlm_perl: Added pair Message-Authenticator = 0xa50af63d7a9826a2c96de2ba66d9d405

rlm_perl: Added pair Called-Station-Id = 58-93-96-9B-2A-7C:test

rlm_perl: Added pair Calling-Station-Id = 8C-70-5A-8D-94-10

rlm_perl: Added pair Service-Type = Framed-User

rlm_perl: Added pair NAS-Port-Type = Wireless-802.11

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - assigning MAC 8c:70:5a:8d:94:10 to new VTA on Vlan "radius test puvlans" with tag 1500

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - selected Vlan "radius test puvlans" for tag pool of size 1

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - MAC 8c:70:5a:8d:94:10 does not have an existing VTA to use

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - using Calling-Station-Id as the end-user's MAC: 8c:70:5a:8d:94:10

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - Policy "all macs for radius test" has Vlans configured - trying to assign a Vlan tag

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - found configured RadiusServer "test realm" for the request

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - found configured Policy "all macs for radius test" for the request

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - selected highest priority matching MacGroup "all macs for radius auth" for the request

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - looking for a MacGroup matching AVP User-Name => 8c705a8d9410 (8c:70:5a:8d:94:10)

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - looking for a MacGroup matching AVP Calling-Station-Id => 8C-70-5A-8D-94-10 (8c:70:5a:8d:94:10)

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - looking for a MacGroup matching AVP Called-Station-Id => 58-93-96-9B-2A-7C:test (58:93:96:9b:2a:7c)

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - failed to find a User with username 8c705a8d9410 - trying to find a MacGroup matching the request

2013/07/01 11:21:08 freeradius_hook[22399] INFO> Rxg::Db::Config::dbh - connect dbname=config

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - searching for User with username 8c705a8d9410

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authenticate - performing authenticate

# Executing group from file /usr/local/etc/raddb/radiusd.conf

rlm_perl: Added pair Auth-Type = perl

rlm_perl: Added pair NAS-IP-Address = 192.168.5.3

rlm_perl: Added pair NAS-Identifier = 58-93-96-9B-2A-7C

rlm_perl: Added pair User-Password = 8c705a8d9410

rlm_perl: Added pair User-Name = 8c705a8d9410

rlm_perl: Added pair Vendor-25053-Attr-3 = 0x74657374

rlm_perl: Added pair Message-Authenticator = 0xa50af63d7a9826a2c96de2ba66d9d405

rlm_perl: Added pair Calling-Station-Id = 8C-70-5A-8D-94-10

rlm_perl: Added pair Called-Station-Id = 58-93-96-9B-2A-7C:test

rlm_perl: Added pair Service-Type = Framed-User

rlm_perl: Added pair NAS-Port-Type = Wireless-802.11

2013/07/01 11:21:08 freeradius_hook[22399] INFO> main::authorize - performing authorize

New Member

Re: sg300 MAC-Based 802.1x authentification aka. mab (mac-auth-b

@jan.zacharias or anyone finally found a way out?

I run into the same probleme with a SG-350.

9596
Views
30
Helpful
18
Replies
CreatePlease login to create content