Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
466
Views
0
Helpful
3
Replies

MAB Configuration issue

Imran Ahmad
Level 2
Level 2

‎10-21-2012 08:17 AM - edited ‎03-10-2019 07:42 PM

with acs 4.2 installed in my network,   PEAP, EAP-TLS, md5... authentications work normally.  But Mac-Based-Authentication   doesnt work at all.  i tested every thing but no luck .

This is what i have setup on Swith for MAB:

aaa new-model

aaa authentication login default none

aaa authentication dot1x default group radius

radius-server host 192.168.2.16 auth-port 1645 acct-port 1646 key cisco

!

dot1x system-auth-control

!

interface FastEthernet0/1

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x mac-auth-bypass

On ACS server, i created Netword-Profile for MAB, i added those Agentless hosts mac-adds,   Even i created User-Name&password by those Agentless hosts mac-adds on acs,   ..... still nothing seems to be working.   i have selected ACS_Internal-Database for mac authentication.

On ACS while i check the   Failed-attempt log, nothing is logged there.  i dont know where is the issue.

Please tell me where im wrong on my config?

Labels:
0 Helpful
3 Replies 3

Saurav Lodh
Level 7
Level 7

‎05-23-2014 04:06 AM

Troubleshooting guide here

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/trouble/guide/ACSTrbG42/Ch2.html

 

0 Helpful

kaaftab
Level 4
Level 4

‎05-23-2014 04:39 AM

check the following guides for references

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/99449-acsfolder-error.html

http://www.techsuite.net/bonnet3/wireless/cisco_eap_deployment_guide.pdf

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/trouble/guide/ACSTrbG42/ecodes.html

 

0 Helpful

nspasov
Cisco Employee
Cisco Employee

‎05-23-2014 12:21 PM

You need to enter "mab" under the interface configuration. That will allow mab based authentications on the interface. Please note that the 802.1x timer and re-tries would have to time out before mab occurs. If you are still having problems please past the output of this command:

show authentication session interface interface_name_address

For more info on MAB you can take a look at the following guide:

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html

 

Thank you for rating helpful posts! 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents