For more details, please see ourCookie Policy.

Ethernet Switches & Routers

Not applicable
Posts: 1
Registered: ‎02-01-2012

Mac Authentication to Radius

I am not looking to assign vlans based on mac's, I am needing to simply do an on or off on the port.  My current configuration is a domain user and an AD server in the same vlan on the same switch (Fastiron WS648 - Version:05.0.00T7e5 (Fev2)).  Without mac-authentication configured for this port the user can login without any troubles.  At this point I have already created the mac user/pw on the NPS (Win2k8 Radius server). On the switch I have the following commands in global:

     mac-authentication enable

     mac-authentication auth-passwd-format xxxx.xxxx.xxxx
I have wireshark running on the AD server and when I enable mac-auth on the end-user PC port I never see any attempts hit the server.  Once enable here is how it shows on the switch:
     mac-authentication enable    
     mac-authentication auth-passwd-format xxxx.xxxx.xxxx
     interface ethernet 0/1/2
      mac-authentication enable

Is there anything I need to do on the server port?

Frequent Contributor
Posts: 117
Registered: ‎07-26-2010

Re: Mac Authentication to Radius


You need a central Radius server like Linux FreeRadius or IAS on Microsoft server or any other one.

Enable MAC Auth globally on the switch first:

mac-authentication enable

then enable MAC Auth per Port:

mac-authentication enable

mac-authentication enable-dynamic-vlan

configure the radius server globally on the switch:

aaa authentication dot1x default radius

radius-server host <IP address> auth-port 1812 acct-port 1813 default key 1 <Radius password> dot1x

The radius server needs to have

- the switch IP address configured as allowed client

- and needs to send back the following Radius attributes

Attribute name Type Value

Tunnel-Type 064 13 (decimal) – VLAN

Tunnel-Medium-Type 065 6 (decimal) – 802

Tunnel-Private-Group-ID 081

<vlan-name> (string) – either the name or the number of a VLAN

configured on the Brocade device.

Then it should work.

Hope this helps,


Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.