
MAB authentication on WEBCAM is not working

manojg694409412
Level 1

Hi,

We have configured a webcam on a 3750 switch with authentication open. Since the device is a silent device, until we ping the webcam, which has a static IP address, the MAC address is not learnt by the switch. Once it learns it, the authentication starts and MAB is successful.

If we put the port in closed mode and bounce the interface, authentication never starts and the ping also doesn't work.

My question is: if the endpoint is a silent device, the switch needs to initiate the EAP process as per the Cisco doc, but I am not seeing EAP packets from the switch until I initiate the ping to the webcam.

Is it normal behavior? Or do we have any other ways to overcome the same?

 

Regards,

Manoj

Accepted Solutions

lrojaslo
Cisco Employee

If the endpoint is not learned by MAC address on the switch (per your description, this seems to be endpoint behavior), the switch/authenticator won't start EAP communication until it detects that the endpoint is plugged in on the port.

 

If this is expected behavior from the endpoint, I don't think there would be a particular way to make it work.

 

The second way for dot1x to initiate is with EAPoL-Start, so if the endpoint is able to send a start packet, then the switch will reply with an Identity-Request packet to start the dot1x process.


3 Replies

Peter Koltl
Level 7

MAB process does not include any EAP frames between switch and host. It just waits for the first incoming frame from the host.

Thanks Peter. But the endpoint is not generating any packets when it gets connected. Hence, is there any other way to resolve it?

 Regards, 

Manoj
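
The behavior discussed in this thread, as a simplified model added here (not part of any post and not Cisco code): it shows why a ping wakes a silent endpoint in open mode but cannot in closed mode. It assumes a closed, unauthorized port drops non-EAPoL frames in both directions and that the RADIUS server accepts the MAC; the class, function names and MAC address are constructed for illustration.

```python
from dataclasses import dataclass, field

ETH_EAPOL = 0x888E   # EAPoL ethertype (IEEE 802.1X)
ETH_ARP = 0x0806

@dataclass
class Port:
    """Simplified authenticator port; mode is 'open' or 'closed' as in the thread."""
    mode: str
    authorized: bool = False
    log: list = field(default_factory=list)

    def egress(self, ethertype):
        """Switch-to-endpoint frame. Returns True if it reaches the endpoint.
        Assumption: a closed, unauthorized port passes only EAPoL."""
        ok = self.authorized or self.mode == "open" or ethertype == ETH_EAPOL
        self.log.append(("egress", hex(ethertype), "sent" if ok else "dropped"))
        return ok

    def ingress(self, src_mac, ethertype, eapol_start=False):
        """Endpoint-to-switch frame: the only thing that can trigger MAB."""
        if ethertype == ETH_EAPOL and eapol_start:
            self.log.append(("dot1x", "EAPoL-Start received, Identity-Request sent"))
            return "dot1x"
        if not self.authorized:
            self.log.append(("mab", f"learned {src_mac}, MAB started"))
            self.authorized = True   # assumption: RADIUS accepts this MAC
            return "mab"
        return "forward"

def ping_silent_endpoint(port, mac="00:00:5e:00:53:01"):
    """A silent endpoint transmits only when answering a frame it received."""
    if port.egress(ETH_ARP):                 # ARP request for the static IP
        return port.ingress(mac, ETH_ARP)    # ARP reply is its first frame
    return None                              # nothing arrived, nothing sent
```

In the closed case the port's log holds only the dropped ARP request, which matches the symptom in the question: no MAC learned, no authentication attempt, and no ping reply.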
