MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

Difan Zhao difan.zhao at guest-tek.com
Sat Dec 19 00:37:06 CET 2009 

Hey experts!!

 

I am having another dilemma here. I am trying to configure MAC
authentication bypass feature on my Cisco 3750 switch to authenticate
some devices which don't support 802.1x.

 

The way how it works is that (I figured it out by running debug on the
switch and by using wireshark), if the supplicant device doesn't support
802.1x, the switch (172.17.254.100) sends a access request to the
freeradius server (172.17.1.1) with username and password both are the
MAC address of the device!

 

That brings my dilemma! I have like 200 devices like this. I don't want
to edit my users file with each of the MAC address as the UN/PW. Is
there an easy way to write a script like thing to include all of them?
The mac addresses are all start with "00:a0:08". I want a logic like: 

 

If a request is for a user with first 3 octets like the above one, use
its MAC address (in this case will be also its username) as the password
and grant the access.

 

Is it possible to do it in FreeRadius 2.1.6?? I have attached the output
of a success authentication for a device with MAC: 00a0080806bd. Of
course I manually added this user in my users file. My users file looks
like:

 

00a0080806bd    Cleartext-Password := "00a0080806bd"

 

I appreciate any advice!! Thank you guys!!

 

  

Difan Zhao, CCNP

Network Engineer

difan.zhao at guest-tek.com

www.guest-tek.com <http://www.guest-tek.com/> 

Office: 403-509-1010 ext 3048

Cell: 403-689-7514

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091218/52eba5d6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3785 bytes
Desc: image001.jpg
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091218/52eba5d6/attachment.jpg>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Radiusd -X.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091218/52eba5d6/attachment.txt>

More information about the Freeradius-Users mailing list