[e-nsp] ExtremeXOS 12.x mac authentification vs 802.1x
Youssef Ghorbal
youssef.ghorbal at gmail.com
Tue Nov 2 06:17:23 EDT 2010
>> I did'nt get the logic here. What I did'nt understand is how does it
>> happen that a "successful database lookup" will send back a "failed"
>> request ?
>> Is this behavior/logic is documented somewhere ?
>
> Dunno if its documented, its what works for me. bit of code, which does a
> lookup (ldap). If it finds a positive match of the macaddress in question
> _and_ is dot1x able, then the radiator server (within lookup script) is
> configured to negate and reply with the radius attribute Access-Reject,
> which makes the switch try another method - dot1x. If the lookup finds a
> positive match in the database, and its not dot1x able, returns the radius
> attribute Access-Accept. If the lookup doesn't find the macaddress, then
> its an unknown machine and likely not one that you want on the network, so
> it will get a Access-Reject for both maclogin and dot1x login.
That's more clear now ! I'll give it a shot
Thanks for your time and assistance.
Youssef Ghorbal
More information about the extreme-nsp
mailing list