RADIUS Attributes Port Authentication MAC Auth
we recently noticed some strange/wrong radius attributes when doing MAC-Auth instead of 802.1X.
The RADIUS attributes are different while most are missing when MAC-Auth is enabled.
An example is NAS-IP-Adress and Client-IP-Adress are misused.
The actual NAS is used as Client-IP if MAC-Auth is enabled.
Also Port-Type "Ethernet" is missing.
On windows NPS we had to create additional Connection Request and Network Policies.
We would also like to use 802.1X supplicant of the switch to secure the uplink.
Eventually also a "multi host mode" so that the first MAC-Auth opens the port and following MACs on the port do not need to authenticate (e.g. if an AP is connected via MAC-Auth).
Switch used: GS1920-8HPv2 with recent firmware