Hey experts!!
I am having another dilemma here. I am trying to configure MAC authentication bypass
feature on my Cisco 3750 switch to authenticate some devices which don’t
support 802.1x.
The way how it works is that (I figured it out by running debug on the
switch and by using wireshark), if the supplicant device
doesn’t support 802.1x, the switch (172.17.254.100) sends a access request
to the freeradius server (172.17.1.1) with username and password both
are the MAC
address of the device!
That brings my dilemma! I have like 200 devices like this. I
don’t want to edit my users file with each of the MAC address as the
UN/PW. Is there an easy way to write a script like thing to include all of
them? The mac addresses are all start with “00:a0:08”. I
want a logic
like:
If a request is for a user with first 3 octets like the
above one, use its MAC address (in this case will be also its username)
as the password and grant the access.
Is it possible to do it in FreeRadius 2.1.6?? I have
attached the output of a success authentication for a device with MAC: 00a0080806bd.
Of course I manually added this user in my users file. My users file
looks like:
00a0080806bd
Cleartext-Password := "00a0080806bd"
I appreciate any advice!! Thank you guys!!
|
|
Network Engineer Office: 403-509-1010 ext 3048 Cell: 403-689-7514 |