Dot1X Mac-Auth-Bypass - Cisco catalyst 3750 Command Reference Manual

Hide thumbs Also See for catalyst 3750:
Table of Contents

Advertisement

Chapter 2
Catalyst 3750 Switch Cisco IOS Commands

dot1x mac-auth-bypass

Use the dot1x mac-auth-bypass interface configuration command to enable the MAC authentication
bypass feature. Use the no form of this command to disable MAC authentication bypass feature.
Syntax Description
eap
timeout inactivity
value
Defaults
MAC authentication bypass is disabled.
Command Modes
Interface configuration
Command History
Release
12.2(25)SEE
12.2(35)SE
Usage Guidelines
Unless otherwise stated, the MAC authentication bypass usage guidelines are the same as the
IEEE 802.1x authentication guidelines.
If you disable MAC authentication bypass from a port after the port has been authenticated with its MAC
address, the port state is not affected.
If the port is in the unauthorized state and the client MAC address is not the authentication-server
database, the port remains in the unauthorized state. However, if the client MAC address is added to the
database, the switch can use MAC authentication bypass to re-authorize the port.
If the port is in the authorized state, the port remains in this state until re-authorization occurs.
If an EAPOL packet is detected on the interface during the lifetime of the link, the switch determines
that the device connected to that interface is an IEEE 802.1x-capable supplicant and uses IEEE 802.1x
authentication (not MAC authentication bypass) to authorize the interface.
Clients that were authorized with MAC authentication bypass can be re-authenticated.
For more information about how MAC authentication bypass and IEEE 802.lx authentication interact,
see the "Understanding IEEE 802.1x Authentication with MAC Authentication Bypass" section and the
"IEEE 802.1x Authentication Configuration Guidelines" section in the "Configuring IEEE 802.1x
Port-Based Authentication" chapter of the software configuration guide.
OL-8552-07
dot1x mac-auth-bypass [eap | timeout inactivity value]
no dot1x mac-auth-bypass
(Optional) Configure the switch to use Extensible Authentication Protocol
(EAP) for authentication.
(Optional) Configure the number of seconds that a connected host can be
inactive before it is placed in an unauthorized state. The range is 1 to 65535.
Modification
This command was introduced.
The timeout inactivity value keywords were added.
dot1x mac-auth-bypass
Catalyst 3750 Switch Command Reference
2-149

Advertisement

Table of Contents
loading

Table of Contents