1. User message trigger authentication 2. Switch send Mac to server for authentication, MAC authentication failed, trigger 802.1X certification 3. User enters user password for authentication
configuration example;
radius-server template controller_12.36
radius-server shared-key cipher %^%#}gu$V!77QTf_=E.XK49#cLg'Smo}T!v8mIBwkKz0%^%#
radius-server authentication 12.12.12.36 1812 weight 80
#
aaa
authentication-scheme radius
authentication-mode radius
domain radius
authentication-scheme radius
radius-server controller_12.36
#
#
mac-access-profile name mac_access_profile
#
dot1x-access-profile name dot1x_access_profile
#
authentication-profile name mac_dot1x
dot1x-access-profile dot1x_access_profile
mac-access-profile mac_access_profile
access-domain radius
#
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 200
authentication-profile mac_dot1x
#