Barracuda Networks NG Network Access Client SP4 Administrator's Manual page 206

In order for the RADIUS authentication to succeed with the above mentioned switch and software,
"Authentication, Authorization and Accounting" need to be disabled. This can be done by following
procedure:
Command:
•
Enter global configuration mode
•
Disable accounting for 802.1X. The parameter <radius> sets the default group holding the
attributes for RADIUS authentication. The group <radius> is configured and available by de-
fault. For any specific needs create your own group.
Otherwise, the RADIUS server receives an accounting request containing an empty user name. This
request is not treated as an authentication failure; therefore the switch will not disable the port, allowing
all network traffic. Given these circumstances client computers can perform health evaluations, but will
be assigned a VLAN, remaining in the configured guest VLAN.
Furthermore, the legacy mode must be enabled on the switch to obtain a successful authentication.
This is only possible by entering following command in the switch's command interface via telnet or the
web interface.
•
Where the following must be replaced according to your configuration:
Table 14–22
Command for Legacy Mode – Pptions
$Server$ IP or host name of the RADIUS server
$User$ User name
$Pwd$ Password
$Port$ Tthe RADIUS server's listening port
204 802.1X – Technical Guideline
configure terminal
no aaa accounting dot1x default group
Switch# test aaa group radius server $Server$ $User$ $Pwd$
port $Port$ legacy
<radius>