https://community.cisco.com/t5/network-access-control/mac-and-username/m-p/1831426#M217457 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>When you implement Wired 802.1x the flow should be as follows:</P><P></P><P>1) Plug the machine to the switchport.</P><P></P><P>2) The switch sends an EAPoL Start message.</P><P></P><P>2.1) If the machine is 802.1x compliant (supports EAP methods) the EAP negotion will start. The machine will be prompt for username/password (PEAP) or the appropriate certificate (EAP-TLS).</P><P></P><P>2.2) If the machine is not 802.1x compliant (does not support EAP) then the Switch EAPoL start will time out.</P><P></P><P>3) The switch configuration will detect the EAPoL timeout and "fallback" to the next configured method, which in this case, should be MAB.</P><P></P><P>4) The machine that failed to respond the EAPoL Start will then provide username/password both as the device MAC Address. MAB credentials will be passed to the authentication server for validation.</P><P></P><P>NOTE: 802.1x and MAB will never occur at the same time for the same machine/device.</P><P></P><P>Please refer to the attached .pdf file for additional information.</P><P></P><P>If this was helpful please rate.</P><P></P><P>Regards.</P></BODY></HTML> Wed, 08 Feb 2012 19:35:19 GMT camejia 2012-02-08T19:35:19Z https://community.cisco.com/t5/network-access-control/mac-and-username/m-p/1831425#M217456 <P>Dear all</P><P>we have a large network and the policy of company is combination of MAC address + username (dot1X)</P><P>Do we have any kind of solution for combination of mac address and username on our switch?</P><P>I mean when the computer plug to the port , it checks for mac address and username both is same time</P><P>thank you</P> Mon, 11 Mar 2019 01:48:20 GMT https://community.cisco.com/t5/network-access-control/mac-and-username/m-p/1831425#M217456 networkware 2019-03-11T01:48:20Z https://community.cisco.com/t5/network-access-control/mac-and-username/m-p/1831426#M217457 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>When you implement Wired 802.1x the flow should be as follows:</P><P></P><P>1) Plug the machine to the switchport.</P><P></P><P>2) The switch sends an EAPoL Start message.</P><P></P><P>2.1) If the machine is 802.1x compliant (supports EAP methods) the EAP negotion will start. The machine will be prompt for username/password (PEAP) or the appropriate certificate (EAP-TLS).</P><P></P><P>2.2) If the machine is not 802.1x compliant (does not support EAP) then the Switch EAPoL start will time out.</P><P></P><P>3) The switch configuration will detect the EAPoL timeout and "fallback" to the next configured method, which in this case, should be MAB.</P><P></P><P>4) The machine that failed to respond the EAPoL Start will then provide username/password both as the device MAC Address. MAB credentials will be passed to the authentication server for validation.</P><P></P><P>NOTE: 802.1x and MAB will never occur at the same time for the same machine/device.</P><P></P><P>Please refer to the attached .pdf file for additional information.</P><P></P><P>If this was helpful please rate.</P><P></P><P>Regards.</P></BODY></HTML> Wed, 08 Feb 2012 19:35:19 GMT https://community.cisco.com/t5/network-access-control/mac-and-username/m-p/1831426#M217457 camejia 2012-02-08T19:35:19Z