NEAP MAC RADIUS Authentication

For RADIUS authentication of a NEAP host MAC address, the switch generates a <username, password> pair as follows:
  • The username is the NEAP MAC address in string format.

  • The password is a string that combines the switch IP address, MAC address, port number and user-configurable key string. If padding option is enabled, the system will specify a dot(.) for every missing parameter. IP address is represented by three decimal characters per octet.

Important

Important

Follow these Global Configuration examples to select a password format that combines one or more of these three elements:

  • Padding enabled , password = 010010011253..05. (when the switch IP address and port are used).

  • Padding enabled, password = 010010011253… (when only the switch IP address is used).

  • No padding (default option). Password = 000011220001 (when only the user‘s MAC address is used).

The following example illustrates the <username, password> pair format with no padding enabled and using the IP address, MAC address, and key-string as the password.
switch IP address = 192.0.2.5 
non-EAP host MAC address = 00 C0 C1 C2 C3 C4
port = 25
Key-String = abcdef
  • username = 00C0C1C2C3C4

  • password = 010010011253.00C0C1C2C3C4.25.abcdef

Use the command show eapol system to verify the formatting.
Switch:1(config)#show eapol system
 
==========================================================================================
                                  Eapol System
==========================================================================================
                      eap : enabled
            Eapol Version : 3
          non-eap-pwd-fmt : mac-addr
      non-eap-pwd-fmt key : ******
  non-eap-pwd-fmt padding : disabled
  auto-isid-offset status : disabled
   auto-isid-offset value : 15980000