cancel
Showing results for 
Search instead for 
Did you mean: 

dot1x & MAC auth using RADIUS with Router Code

robert_lowe_722
Contributor III
Hi All,

We're implementing dot1x and MAC auth on 7150 stack (08.0.80) running router code (basic). We've configured dot1x and MAC auth to RADIUS just like we have successfully in our lab environment (7250 switch code) but it doesn't work. The RADIUS server never even gets a request but we have confirmed connectivity between the two. IP interface VE exists in the test VLAN and default route to the WAN. I have a feeling it has something to do with the fact we dont have a management VLAN specified, but as i understand it, when running router code, this is not an option? Quite new to ICX so still figuring things out. Any pointer appreciated.

Auth-mode multiple-untagged
  auth-default-vlan XXX
  restricted-vlan YYY
  auth-fail-action restricted-vlan
  auth-timeout-action failure
  dot1x enable
  dot1x enable ethe 3/1/1
  dot1x port-control auto ethe 3/1/1
  mac-authentication enable
  mac-authentication enable ethe 3/1/1
  mac-authentication password-format xx:xx:xx:xx:xx:xx

aaa authentication dot1x default radius

radius-server host WWW.XXX.YYY.ZZZ auth-port 1812 acct-port 1813 default key 2 $RSddJzVvYish dot1x mac-auth
2 REPLIES 2

william_hadley_
New Contributor III
You can specify a VE or Interface to use.

ip radius source-interface x

Please refer to the Security guide section Source address configuration Radius


robert_lowe_722
Contributor III
Thanks William, this is exactly what i was looking for!