[FreeRadius] Mac Authen with Centos

yesi yesi at posteo.net
Wed Dec 9 12:12:49 CET 2020


On 12/4/20 6:28 PM, Michael Schwartzkopff wrote:
> I assume this is a problem of the switch. If it does not send out RADIUS
> packets, then the RADIUS server cannot receive any.
>
>
> Did you assign the profile to interfaces?
>
> Mit freundlichen Grüßen,
To put in the context, here are the added informations :

  * radius server IP : a.a.a.a
  * switch Huawei IP : b.b.b.b
  * client network IP range e.g. VLAN 25 : c.c.c.c

A client is configured with an IP in the vlan 25.

When connected to a switch port for the MAC Authen, the client can't 
ping the gateway of the VLAN 25.

On the switch,

switch > display access-user

------------------------------------------------------------------------------------------------------
  UserID  Username               IP 
address                               MAC            Status
  ------------------------------------------------------------------------------------------------------

16      toto-account x.x.x.x                              -              
Success
2070    client_mac_address           client_ip_address 
                           client_mac_address   Pre-authen
  ------------------------------------------------------------------------------------------------------


On the Radius server, a local test is OK.

 From the Huawei switch, a test with a test user "bob" is OK. In the 
debug mode, "radiusd -X", we see the packets. When a machine tried to 
connect to the switch, in the debug mode, "radiusd -X", there is no 
message. There are no packets from the capture on the radius server when 
: tcpdump -vnni ens160 src "port 1812 or port 1813" tcpdump -vnni ens160 
src "host b.b.b.b or host c.c.c.c"


For the Huawei Network engineer, the conf on the switch is ok...

I have no idea where to look at.

y.


More information about the Freeradius-Users mailing list