dot1x & MAC auth using RADIUS with Router Code

robert_lowe_722 — Mon, 17 Sep 2018 20:21:37 GMT

Hi All,

We're implementing dot1x and MAC auth on 7150 stack (08.0.80) running router code (basic). We've configured dot1x and MAC auth to RADIUS just like we have successfully in our lab environment (7250 switch code) but it doesn't work. The RADIUS server never even gets a request but we have confirmed connectivity between the two. IP interface VE exists in the test VLAN and default route to the WAN. I have a feeling it has something to do with the fact we dont have a management VLAN specified, but as i understand it, when running router code, this is not an option? Quite new to ICX so still figuring things out. Any pointer appreciated.

Auth-mode multiple-untagged
auth-default-vlan XXX
restricted-vlan YYY
auth-fail-action restricted-vlan
auth-timeout-action failure
dot1x enable
dot1x enable ethe 3/1/1
dot1x port-control auto ethe 3/1/1
mac-authentication enable
mac-authentication enable ethe 3/1/1
mac-authentication password-format xx:xx:xx:xx:xx:xx

aaa authentication dot1x default radius

radius-server host WWW.XXX.YYY.ZZZ auth-port 1812 acct-port 1813 default key 2 $RSddJzVvYish dot1x mac-auth

Re: dot1x & MAC auth using RADIUS with Router Code

william_hadley_ — Mon, 24 Sep 2018 18:49:48 GMT

You can specify a VE or Interface to use.

ip radius source-interface x

Please refer to the Security guide section Source address configuration Radius

Re: dot1x & MAC auth using RADIUS with Router Code

robert_lowe_722 — Mon, 24 Sep 2018 22:46:22 GMT

Thanks William, this is exactly what i was looking for!

topic dot1x & MAC auth using RADIUS with Router Code in ICX Switches

dot1x & MAC auth using RADIUS with Router Code

Re: dot1x & MAC auth using RADIUS with Router Code

Re: dot1x & MAC auth using RADIUS with Router Code