6-3
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 6 Configuring Endpoint Admission Control
MAC Authentication Bypass Configuration
-------------------------------
Supplicant = 000c.293a.048e
Session ID = AC1AD01F0000000904BBECD8
Auth SM State = AUTHENTICATED
Auth BEND SM State = IDLE
Port Status = AUTHORIZED
MAC Authentication Bypass Configuration
MAC Authentication Bypass (MAB) enables hosts or clients that are not 802.1X capable to join
802.1X-enabled networks. It is not required to enable 802.1X authentication prior to enabling MAB.
The following example is a basic MAB configuration on a Catalyst switch:
switch(config)# interface GigabitEthernet2/1
switch(config-if)# authentication port-control auto
switch(config-if)# mab
For additional information on configuring MAB authentication, see the configuration guide for your
access switch.
Verifying the MAB Configuration
To verify the MAC Authentication Bypass configuration, use the show authentication interface
command.
switch# show authentication interface gigabitEthernet 2/1
Client list:
Interface MAC Address Domain Status Session ID
Gi2/1 000c.293a.048e DATA Authz Success AC1AD01F0000000A04CD41AC
Available methods list:
Handle Priority Name
2 1 mab
Runnable methods list:
Handle Priority Name
2 0 mab
To verify that the port has successfully authenticated, use the show mab interface command.
switch# show mab interface gigabitEthernet 2/1 details
MAB details for GigabitEthernet2/1
-------------------------------------
Mac-Auth-Bypass = Enabled
MAB Client List
---------------
Client MAC = 000c.293a.048e
Session ID = AC1AD01F0000000A04CD41AC
MAB SM state = ACQUIRING
Auth Status = UNAUTHORIZED
To Next Page
Loading...
Need help?
General