Configuration Guide 802.1x Configuration
Following example shows how to configure the MAB function.
Ruijie# configure terminal
Ruijie(config)# interface fa 0/1
Ruijie(config-if)# dot1x port-control auto
Ruijie(config-if)# dot1x mac-auth-bypass
Use the format XXXXXXXXXXXX when setting the username and keyword for the MAC address on the
server.
With the port in the MAB mode, only one MAC address that firstly found by the device can be used for the
authentication.
One port for one MAC address authentication is supported in both the port mode and the MAC mode.
Anytime when the client responses the 802.1x authentication, the MAB on the port takes no effect unless the
link state down/up change occurs or the 802.1x function on the port is re-enabled.
The client online probe function takes no effect for the MAC authentication in the MAB mode.
With MAB port configured, an authentication request packet is sent at the interval of tx-period. After sending
the packets for reauth-max times, if there is no client response, the port enters to the MAB mode. The port in
the MAB mode can learn the MAC address and use the learned MAC address as the username for the
authentication.
MAB supports the PAP, CHAP, EAP-MD5 authentication methods. For how to configure the authentication
method, see the chapter in Authentication Method Configuration.
In the MAB mode, after the MAC address authentication failure, if the guest vlan has been configured, the
authentication port will enter the guest vlan; if the guest vlan has not been configured, the port stays in the
original vlan. The MAB does not support auth-fail VLAN, that is, even though the MAB authentication fails
and the auth-fail VLAN has been configured, the port will not enter the auth-fail VLAN.
MAB supports server deployment functions such as dynamic VLAN delivery and ACL delivery.
To Next Page
Loading...
