VLAN info disappears

Leighton Man l.j.man at hud.ac.uk
Fri Jun 11 10:28:39 CEST 2010


>How could it be, when it passes the same information in both cases (the
>only difference is the username/password)? Is it possible that the switch
>interprets the reply differently for dot1x and mab authentication?
>I know it's rather Cisco related issue than RADIUS, but maybe someone
>experienced it before.

The switch has a list of authentication methods to try for each type of login. For example my config for 802.1x says:

aaa authentication dot1x default group radius

You'll also need:
dot1x mac-auth-bypass
configured on the interface itself. There's some info here
http://www.symantec.com/connect/articles/snac-8021x-mac-authentication-bypass-mab-cisco-switch-and-ias

It's about IAS unfortunately, but it explains the cisco bits. Plenty more on the Cisco site as well.

Good luck,

Leighton


---
This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.




More information about the Freeradius-Users mailing list