we configured an HP ProCurve 2650 switch with MAC-based authetication. In
that case the switch askes a RADIUS server into which VLAN belongs the
given MAC address. The switch conveys the MAC address as announcing
information, both for the user name and for the password. From the RADIUS
server the switch gets as answer, in which VLAN the Client belongs,
respectively in which VLAN an unauthorized client belongs. (PCs, IP-Phones
In our testenvironment the RADIUS server is a UNIX based freeRADIUS but for
other applications we need a AD integrated RADIUS, so that we want to use
directly a Microsoft IAS, running on a DC. We found so far however no
HOWTO, which describes the MAC based authentication with a Microsoft IAS
server. Is that generally possible?
The second problem is, that at least one RADIUS server is a pretty good
SPOF. In case of the FreeRADIUS installation we did not find a procedure to
synchronize the RADIUS server automatically with a second one, except a
scheduled running rsync task. Is there a feature for this problem
implemented in the IAS?
Thanks for your attention
"One good Whiskey a day, keeps the doctor away"