cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
265
Views
0
Helpful
0
Replies

MAC Authentication Bypass with quiet machines

StefanUlrich
Beginner
Beginner

Hi,

I have a problem with MAB: A coffeemachine is connected to a Switch with the following configuration:

interface GigabitEthernet4/0/27

switchport access vlan 6

switchport mode access

no logging event link-status

authentication control-direction in

authentication event server dead action authorize

authentication event no-response action authorize vlan 4000

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication order mab dot1x

authentication periodic

authentication timer reauthenticate server

mab

no snmp trap link-status

dot1x pae authenticator

authentication port-control Auto

storm-control broadcast level 1.00 0.50

storm-control multicast level 1.00 0.50

storm-control action trap

no cdp enable

end

the coffeemachine does not send any packet so the switch is unable to learn the MAC address and no MAB is going on. When I ping the machine from the switch the ping does not work. The switch tries to send ARP requests but does not receive any answer. When I change the port to "authentication open" everything works. The switch receives ARP answers, does MAB and the coffeemachine can answer the ping.

Is ARP not triggering a MAB?

Regards, Stefan

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers