How does Juniper UAC differentiate the radius request for user authenticaion and/or mac authentication.
What parameters does the radius request have that the UAC decides to use the MAC authentication Realm ?
I am trying to use a Mac filter with a Cisco WLC, but the request keeps on coming through as a user authentication raquest, and I would prefer that the UAC handles this as a Mac authentication raquest.
When a device connects to a switch, the switch forwards the MAC address to the IC Series device as the login credential. The IC Series device RADIUS server consults the authentication server (either a local database or an external LDAP server) and allows or denies access to the device based on whether there is a matching entry.
The IC Series device supports several formats for MAC address credentials, including no-delimiter 003048436665, single dash 003048-436665, multidash 00-30-48-43-66-65, and multicolon 00:30:48:43:66:65.
Some switches uses CHAP and EAP-MD5-Challenge protocols for MAC address authentication with the username,the MAC address.
Service-Type with value Call-Check should not be an issue as long as you meet the requirements that we have provided earlier. And for your information, I did test with service-type as call-check, IC processes the request without any issue.
Can you attach tcp-dump and radius troubleshooting logs?
