https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335475#M598392 <P>i used pnetlab - IOL have some versions have&nbsp; Limitations&nbsp;</P> <P>i tried below version as per my notes it works for me&nbsp;</P> <P>SW4#show version<BR />Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to V152_6_0_81_E</P> <P>interface eth 0/1&nbsp;<BR />switchport host<BR />authentication open<BR />authentication host-mode multi-auth<BR />authentication order mab<BR />authentication priority mab<BR />authentication port-control auto<BR />mab<BR />dot1x pae authenticator<BR /><BR /></P> <P>SW4#show authentication sessions interface ethernet 0/1 details<BR />Interface: Ethernet0/1<BR />MAC Address: 50d6.9f00.9dff<BR />IPv6 Address: Unknown<BR />IPv4 Address: 5.2.35.2<BR />User-Name: 50-D6-9F-00-9D-FF<BR />Status: Authorized<BR />Domain: DATA<BR />Oper host mode: multi-auth<BR />Oper control dir: both<BR />Session timeout: N/A<BR />Restart timeout: N/A<BR />Periodic Acct timeout: N/A<BR />Session Uptime: 225s<BR />Common Session ID: 960107220000000E00282A68<BR />Acct Session ID: 0x00000001<BR />Handle: 0x6D000003<BR />Current Policy: POLICY_Et0/1</P> <P>Local Policies:<BR />Service Template: xxxxxxxxxxxxxx (priority 150)<BR />Security Policy: Should Secure<BR />Security Status: Link Unsecure</P> <P><BR />Server Policies:<BR />Vlan Group: Vlan: 305<BR />ACS ACL: xxxxxxxxxxxxxxxxx</P> <P>Method status list:<BR />Method State</P> <P>mab Authc Success</P> Thu, 02 Oct 2025 15:24:07 GMT balaji.bandi 2025-10-02T15:24:07Z https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335348#M598373 <P>&nbsp;</P><P>Hello,</P><P>I'm trying to configure MAB authentication using Cisco ISE and a switch, but I'm running into an issue:</P><OL><LI><P>When I do <STRONG>not</STRONG> configure MAB on the switch, the MAC address of the client shows up normally in the MAC address table.</P></LI><LI><P>When I enable the MAB configuration, the switch does <STRONG>not</STRONG> receive any MAC address from the client (it shows 0000.0000.0000), even though the MAB process is running.</P></LI></OL><P><EM><STRONG>Additional info:</STRONG></EM></P><UL><LI>mab config&nbsp;</LI></UL><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="anfeldendani1996_0-1759399383233.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/252906i0C8741856CDF7010/image-size/medium?v=v2&amp;px=400" role="button" title="anfeldendani1996_0-1759399383233.png" alt="anfeldendani1996_0-1759399383233.png" /></span></P><UL><LI>results :&nbsp;</LI></UL><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="anfeldendani1996_1-1759399403109.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/252907i2B9BB5BBAA638514/image-size/medium?v=v2&amp;px=400" role="button" title="anfeldendani1996_1-1759399403109.png" alt="anfeldendani1996_1-1759399403109.png" /></span></P><UL><LI><P>Switch version:</P><DIV class=""><DIV class=""><DIV class=""><DIV class="">&nbsp;</DIV></DIV></DIV><DIV class=""><SPAN>Cisco IOS Software, Solaris Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Experimental Version <SPAN class="">15.1</SPAN>(<SPAN class="">20140814</SPAN>:<SPAN class="">053243</SPAN>) <SPAN class="">[mmen 112]</SPAN> </SPAN></DIV></DIV></LI><LI><P>When using <STRONG>802.1X</STRONG>, authentication works correctly.</P></LI></UL><P>It seems like MAB is not learning or passing the client MAC address properly</P><P>Has anyone faced this issue before? Is it a known limitation/bug of this IOL image?<BR />Any workaround&nbsp; to test MAB in a lab environment?</P><P>Thanks in advance.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 02 Oct 2025 10:09:28 GMT https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335348#M598373 anfeldendani1996 2025-10-02T10:09:28Z https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335374#M598375 <P>have you tried vIOSL2 ? or Cat9K image.</P> <P>&nbsp;</P> Thu, 02 Oct 2025 11:38:17 GMT https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335374#M598375 balaji.bandi 2025-10-02T11:38:17Z https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335465#M598390 <P>hello ,&nbsp;</P><P>thank you for the suggesting ,&nbsp;</P><P>I'im using pnetlab , and i don't have access to the CLI , so i can't upload images&nbsp;</P><P>&nbsp;</P> Thu, 02 Oct 2025 15:05:44 GMT https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335465#M598390 anfeldendani1996 2025-10-02T15:05:44Z https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335475#M598392 <P>i used pnetlab - IOL have some versions have&nbsp; Limitations&nbsp;</P> <P>i tried below version as per my notes it works for me&nbsp;</P> <P>SW4#show version<BR />Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to V152_6_0_81_E</P> <P>interface eth 0/1&nbsp;<BR />switchport host<BR />authentication open<BR />authentication host-mode multi-auth<BR />authentication order mab<BR />authentication priority mab<BR />authentication port-control auto<BR />mab<BR />dot1x pae authenticator<BR /><BR /></P> <P>SW4#show authentication sessions interface ethernet 0/1 details<BR />Interface: Ethernet0/1<BR />MAC Address: 50d6.9f00.9dff<BR />IPv6 Address: Unknown<BR />IPv4 Address: 5.2.35.2<BR />User-Name: 50-D6-9F-00-9D-FF<BR />Status: Authorized<BR />Domain: DATA<BR />Oper host mode: multi-auth<BR />Oper control dir: both<BR />Session timeout: N/A<BR />Restart timeout: N/A<BR />Periodic Acct timeout: N/A<BR />Session Uptime: 225s<BR />Common Session ID: 960107220000000E00282A68<BR />Acct Session ID: 0x00000001<BR />Handle: 0x6D000003<BR />Current Policy: POLICY_Et0/1</P> <P>Local Policies:<BR />Service Template: xxxxxxxxxxxxxx (priority 150)<BR />Security Policy: Should Secure<BR />Security Status: Link Unsecure</P> <P><BR />Server Policies:<BR />Vlan Group: Vlan: 305<BR />ACS ACL: xxxxxxxxxxxxxxxxx</P> <P>Method status list:<BR />Method State</P> <P>mab Authc Success</P> Thu, 02 Oct 2025 15:24:07 GMT https://community.cisco.com/t5/network-access-control/problem-with-mab-authentication-on-iol-switch-with-ise/m-p/5335475#M598392 balaji.bandi 2025-10-02T15:24:07Z