Table of Contents
Advertisement
Chapter 6
Configuring Endpoint Admission Control
-------------------------------
Supplicant
Session ID
Port Status
MAC Authentication Bypass Configuration
MAC Authentication Bypass (MAB) enables hosts or clients that are not 802.1X capable to join
802.1X-enabled networks. It is not required to enable 802.1X authentication prior to enabling MAB.
The following example is a basic MAB configuration on a Catalyst switch:
switch(config)# interface GigabitEthernet2/1
switch(config-if)# authentication port-control auto
switch(config-if)# mab
For additional information on configuring MAB authentication, see the configuration guide for your
access switch.
Verifying the MAB Configuration
To verify the MAC Authentication Bypass configuration, use the show authentication interface
command.
switch# show authentication interface gigabitEthernet 2/1
Client list:
Interface
Gi2/1
Available methods list:
Handle
Runnable methods list:
Handle
To verify that the port has successfully authenticated, use the show mab interface command.
switch# show mab interface gigabitEthernet 2/1 details
MAB details for GigabitEthernet2/1
-------------------------------------
Mac-Auth-Bypass
MAB Client List
---------------
Client MAC
Session ID
MAB SM state
Auth Status
OL-22192-01
= 000c.293a.048e
= AC1AD01F0000000904BBECD8
Auth SM State
= AUTHENTICATED
Auth BEND SM State
= IDLE
= AUTHORIZED
MAC Address
000c.293a.048e
Priority
Name
2
1
mab
Priority
Name
2
0
mab
= Enabled
= 000c.293a.048e
= AC1AD01F0000000A04CD41AC
= ACQUIRING
= UNAUTHORIZED
Domain
Status
DATA
Authz Success
MAC Authentication Bypass Configuration
Session ID
AC1AD01F0000000A04CD41AC
Cisco TrustSec Configuration Guide
6-3
Hide quick links:
Advertisement
Table of Contents
