Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
3
Replies

Problem with MAB authentication on IOL switch with ISE

anfeldendani1996
Level 1
Level 1

‎10-02-2025 03:09 AM

 

Hello,

I'm trying to configure MAB authentication using Cisco ISE and a switch, but I'm running into an issue:

  1. When I do not configure MAB on the switch, the MAC address of the client shows up normally in the MAC address table.

  2. When I enable the MAB configuration, the switch does not receive any MAC address from the client (it shows 0000.0000.0000), even though the MAB process is running.

Additional info:

  • mab config 

anfeldendani1996_0-1759399383233.png

  • results : 

anfeldendani1996_1-1759399403109.png

  • Switch version:

     
    Cisco IOS Software, Solaris Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Experimental Version 15.1(20140814:053243) [mmen 112]

  • When using 802.1X, authentication works correctly.

It seems like MAB is not learning or passing the client MAC address properly

Has anyone faced this issue before? Is it a known limitation/bug of this IOL image?
Any workaround  to test MAB in a lab environment?

Thanks in advance.

 

 

 

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎10-02-2025 04:38 AM

have you tried vIOSL2 ? or Cat9K image.

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

anfeldendani1996
Level 1
Level 1
In response to balaji.bandi

‎10-02-2025 08:05 AM

hello , 

thank you for the suggesting , 

I'im using pnetlab , and i don't have access to the CLI , so i can't upload images 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to anfeldendani1996

‎10-02-2025 08:14 AM - edited ‎10-02-2025 08:24 AM

i used pnetlab - IOL have some versions have  Limitations 

i tried below version as per my notes it works for me 

SW4#show version
Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to V152_6_0_81_E

interface eth 0/1 
switchport host
authentication open
authentication host-mode multi-auth
authentication order mab
authentication priority mab
authentication port-control auto
mab
dot1x pae authenticator

SW4#show authentication sessions interface ethernet 0/1 details
Interface: Ethernet0/1
MAC Address: 50d6.9f00.9dff
IPv6 Address: Unknown
IPv4 Address: 5.2.35.2
User-Name: 50-D6-9F-00-9D-FF
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: N/A
Session Uptime: 225s
Common Session ID: 960107220000000E00282A68
Acct Session ID: 0x00000001
Handle: 0x6D000003
Current Policy: POLICY_Et0/1

Local Policies:
Service Template: xxxxxxxxxxxxxx (priority 150)
Security Policy: Should Secure
Security Status: Link Unsecure


Server Policies:
Vlan Group: Vlan: 305
ACS ACL: xxxxxxxxxxxxxxxxx

Method status list:
Method State

mab Authc Success

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents