LANCOM Support Knowledgebase Document No. 1610.1910.2328.RHOO - V1.80

Setting up MAC-based authentication at a LANCOM RADIUS server through a LANCOM GS-23xx switch



Description:

This document describes the settings to make on LANCOM GS-23xx series switches and LANCOM routers in order to implement MAC-based authentication at the internal RADIUS server of a LANCOM device.


Requirements:


Procedure:

1) Setting up the switch

1.1) Specify the RADIUS server
  • Open the menu Security -> AAA -> Configuration -> RADIUS authentication server configuration and set one of the entries in the list to Enabled.
  • Enter the IP address of the LANCOM RADIUS server.
  • Enter a shared secret into the Secret box.



1.2) Set up MAC authentication
  • Navigate to the menu Security -> NAS -> Configuration -> System configuration and set the Mode to the value Enabled.
  • In the Port configuration section, set the Admin state of the necessary ports to the value MAC-based auth.

Then save the configuration of the switch.




2) Setting up LANCOM RADIUS

2.1) Activate the RADIUS server
  • Open the configuration for the LANCOM router in LANconfig and switch to the menu item RADIUS -> Server -> RADIUS service.
  • In the Authentication port field, enter the value 1812.



2.2) Specify the switch as an IPv4 client
  • Then click the button IPv4 clients to specify the switch as a new client.
    • IP address: IP address of the switch
    • Netmask: 255.255.255.255
    • Protocols: RADIUS
    • Client secret: The same secret as the one entered into the switch



2.3) Add one or more entries to the User table
  • In the RADIUS server user table, add one or more new entries with the following settings:
    • Name / MAC address MAC address of the client in the format xx-xx-xx-xx-xx-xx
    • Case-sensitive user name check: Set the checkmark
    • Password: The MAC address of the client
    • Service type: Framed
    • Expiry type: Never

Write the configuration back to the LANCOM router. This concludes the configuration.


Catchwords: MAC authentication; switch; RADIUS; 802.1X
Please review this document! This document was helpful This document was not helpful