MAC based authentication

Phil Mayers p.mayers at imperial.ac.uk
Tue Aug 10 17:27:25 CEST 2010


> rad_recv: Access-Request packet from host 10.10.10.254 port 58798,
> id=45, length=118
>          User-Name = "aa00007f9c90"
>          NAS-Port = 119
>          EAP-Message = 0x0200001101616130303030376639633930
>          Message-Authenticator = 0x4ab3cccda64e92e76dfa2a97172cebca
>          Acct-Session-Id = "8O2.1x81eb00c2"
>          NAS-Identifier = "EX4200-VC"
>          NAS-Port-Type = Virtual
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[files] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 45 to 10.10.10.254 port 58798
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 45 with timestamp +62
> Ready to process requests.
>
> and on the switch it remains on:
>
> ge-1/0/4.0
>    Role: Authenticator
>    Administrative state: Auto
>    Supplicant mode: Multiple
>    Number of retries: 3
>    Quiet period: 60 seconds
>    Transmit period: 30 seconds
>    Mac Radius: Disabled
>    Mac Radius Strict: Enabled
>    Reauthentication: Enabled Reauthentication interval: 3600 seconds
>    Supplicant timeout: 30 seconds
>    Server timeout: 30 seconds
>    Maximum EAPOL requests: 2
>    Guest VLAN member:
>    Number of connected supplicants: 1
>      Supplicant: aa00007f9c90, AA:00:00:7F:9C:90
>        Operational state: Authenticating
>        Authentcation method: Radius
>        Authenticated VLAN: configured/default
>        Reauthentication due in 0 seconds
>
> Any clues?

You've enabled 802.1x, not MAC-based VLANs. You'll need to configure 
802.1x at the servers or configure MAC-based auth at the switch.



More information about the Freeradius-Users mailing list