MAC-Auth-bypass

This section requires a working installation of FreeRadius and FreeNAC.

Before configuring your Radius server, there is one step you need to
perform: add the user that runs your Radius server to the freenac group.
That way, it can access the configuration file located at
/opt/nac/etc/config.inc. On our system, the FreeRadius server runs as the radiusd user, so:

usermod -a -G freenac radiusd

In your /opt/nac/etc/config.inc file, find the variable $vmps_servers and set it to the IP addresses or hostnames of your FreeNAC servers, as follows:

##Binding with FreeRadius
$vmps_servers = "freenac01, 192.168.201.201,freenac03"; 

Below are the sections of radiusd.conf that need to be configured for MAC-Authentication bypass:

modules:

perl check_mac {
module = "/opt/nac/bin/rad2vmps"
} 

authorize:

 # Enable MAC lookup via VMPS: collect request data from radius
check_mac 

authenticate:

Auth-Type MAC-Auth-Bypass {
check_mac
}

post-auth:

# Enable MAC lookup via VMPS: query vmps and assign vlan or deny
check_mac
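
A pre-flight check for the setup steps on this page, added here as an example (it is not part of FreeNAC or FreeRadius): it confirms that radiusd is a member of the freenac group, that config.inc is readable and carries a non-empty $vmps_servers, and that the rad2vmps module file exists. The function names and the optional file arguments are assumptions made for this example; the defaults are the paths given above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the MAC-Auth-bypass setup steps.
# Default paths and names are the ones on this page; the optional file
# arguments are hypothetical and exist so the checks can be run on sample files.

# Succeeds if USER is a supplementary member of GROUP in GROUP_FILE
# (/etc/group format: name:passwd:gid:member1,member2).
group_has_member() {
    user=$1 group=$2 group_file=${3:-/etc/group}
    awk -F: -v u="$user" -v g="$group" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$group_file"
}

# Prints one $vmps_servers entry per line with surrounding whitespace removed.
# Commented-out lines are ignored. Assumes the single-line form shown above.
vmps_servers() {
    config=${1:-/opt/nac/etc/config.inc}
    sed -n 's/^[[:space:]]*\$vmps_servers[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$config" |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$'
}

# Runs every check and returns non-zero if any of them fails.
preflight() {
    config=${1:-/opt/nac/etc/config.inc} group_file=${2:-/etc/group}
    module=${3:-/opt/nac/bin/rad2vmps} rc=0
    group_has_member radiusd freenac "$group_file" ||
        { echo "radiusd is not in the freenac group" >&2; rc=1; }
    [ -r "$config" ] || { echo "cannot read $config" >&2; rc=1; }
    [ -n "$(vmps_servers "$config" 2>/dev/null)" ] ||
        { echo "\$vmps_servers is empty or missing in $config" >&2; rc=1; }
    [ -f "$module" ] || { echo "missing $module" >&2; rc=1; }
    return $rc
}
```

Source the file and run preflight as the radiusd user, in a new session started after the usermod change, so that the readability check reflects that account's access.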

 
