Prerequisites For Configuring Mac Authentication Bypass - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Prerequisites for Configuring MAC Authentication Bypass
Prerequisites for Configuring MAC Authentication Bypass
IEEE 802.1x—Port-Based Network Access Control
You should understand the concepts of port-based network access control and have an understanding of how
to configure port-based network access control on your Cisco platform.
RADIUS and ACLs
You should understand the concepts of the RADIUS protocol and have an understanding of how to create
and apply access control lists (ACLs). For more information, see the documentation for your Cisco platform
and the Securing User Services Configuration Guide Library.
The device must have a RADIUS configuration and be connected to the Cisco secure access control server
(ACS). For more information, see the User Guide for Secure ACS Appliance 3.2.
Information About MAC Authentication Bypass
Overview of the Cisco IOS Auth Manager
The capabilities of devices connecting to a given network can be different, thus requiring that the network
support different authentication methods and authorization policies. The Cisco IOS Auth Manager handles
network authentication requests and enforces authorization policies regardless of authentication method. The
Auth Manager maintains operational data for all port-based network connection attempts, authentications,
authorizations, and disconnections and, as such, serves as a session manager.
The possible states for Auth Manager sessions are as follows:
• Idle—In the idle state, the authentication session has been initialized, but no methods have yet been run.
• Running—A method is currently running. This is an intermediate state.
• Authc Success—The authentication method has run successfully. This is an intermediate state.
• Authc Failed—The authentication method has failed. This is an intermediate state.
• Authz Success—All features have been successfully applied for this session. This is a terminal state.
• Authz Failed—At least one feature has failed to be applied for this session. This is a terminal state.
• No methods—There were no results for this session. This is a terminal state.
Overview of the Configurable MAB Username and Password
A MAC Authentication Bypass (MAB) operation involves authentication using RADIUS Access-Request
packets with both the username and password attributes. By default, the username and the password values
are the same and contain the MAC address. The Configurable MAB Username and Password feature enables
you to configure both the username and the password attributes in the following scenarios:
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1042
This is an intermediate state.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
