Please make Password for MAC-Base Auth optional or remove it entirely

None of the modern NAC solutions are receiving the password for MAB therefore causing authentication failure for devices which do not support 802.1x.

Here is the payload that is received from switch to the NAC and as you can see, the password is not passed down.

The only solution that I know of is FreeRadius and it's not really feasible to pidgehole Zyxel users to a single NAC vendor.

[{"Key":"User-Name","Value":"B4-22-00-5C-97-04"},{"Key":"NAS-IP-Address","Value":"10.x.0.x"},{"Key":"NAS-Identifier","Value":"switch_name"},{"Key":"P-Error-Code","Value":"60035"},{"Key":"P-Error-Msg","Value":"Auth via BE failed with curl err: '22' http code: '400'"},{"Key":"CONTEXT_ID","Value":"cab081ae-3e84-34b3-9b38-462edb8fcb97"},{"Key":"PORT","Value":"10432"},{"Key":"RADIUS_REGION","Value":"2"},{"Key":"RADIUS_TYPE","Value":"1"}]

1 votes

Active · Last Updated