12-09-2014 12:16 AM - edited 03-10-2019 10:15 PM
Hi guys,
I am doing it in a lab so please guide me to understand this concept.
I have Cisco 3560 switch. What i want to achieve is
Is there anyway to do it ? or am i going in the wrong direction. Also, i dont think i need MAB here, cause i want to do authentication based on mac.
12-09-2014 12:39 AM
In the user guide its mentioned that
Cisco provides two features to accommodate non-802.1x devices. For example, MAC Authentication
Bypass (Host Lookup) and the Guest VLAN access by using web authentication.
But if i have a switch that doesnt support MAB, then what shall i do in that case ?
12-09-2014 02:46 AM
Yes, MAB is used for devices that do not support 802.1x which is EAPoL (EAP over LAN). If the switch doesn't support MAB then you can configure its ports to automatically authorize devices on a VLAN specified by you. You can accomplish this with the following port command:
authentication event fail action authorize vlan vlan_id
Hope this helps!
Thank you for rating helpful posts!
12-09-2014 03:30 AM
Cant we authenticate devices just using their MAC address and Radius Server ?
12-09-2014 04:44 AM
Yes you can, it is called MAB :) (Mac Authentication Bypass), which is used for devices that are not capable of performing 802.1x.
12-09-2014 06:25 AM
Hi Neno,
I think i am not clear in my question. I want to do authentication from Radius server using mac address. I dont want to use MAB and the command that you have said, is assigning vlan locally, i want to authenticate device using its mac address. And since my switch doesnt support MAB so leave it out of the equation :-)
Is such a thing possible
12-09-2014 06:18 PM
Hi Jonn, your question is clear and what I am trying to explain to you is that the authentication method (mac address authentication against Radius) is MAB. That is the method :) If your NAD does not support MAB then you will have to find another method. In the Cisco world, this is done via Radius attribute 6 (Service-Type) which is set to "Call-Check"
Here the link to Cisco's MAB deployment guide for more technical details:
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide