we have a large network and the policy of company is combination of MAC address + username (dot1X)
Do we have any kind of solution for combination of mac address and username on our switch?
I mean when the computer plug to the port , it checks for mac address and username both is same time
When you implement Wired 802.1x the flow should be as follows:
1) Plug the machine to the switchport.
2) The switch sends an EAPoL Start message.
2.1) If the machine is 802.1x compliant (supports EAP methods) the EAP negotion will start. The machine will be prompt for username/password (PEAP) or the appropriate certificate (EAP-TLS).
2.2) If the machine is not 802.1x compliant (does not support EAP) then the Switch EAPoL start will time out.
3) The switch configuration will detect the EAPoL timeout and "fallback" to the next configured method, which in this case, should be MAB.
4) The machine that failed to respond the EAPoL Start will then provide username/password both as the device MAC Address. MAB credentials will be passed to the authentication server for validation.
NOTE: 802.1x and MAB will never occur at the same time for the same machine/device.
Please refer to the attached .pdf file for additional information.
If this was helpful please rate.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: