09-30-2022 09:26 AM
I have a deployment where I want to learn the MAB username on a Firepower Management Center. I have the FMC connected to AD to pull the users and groups, and PxGrid integration completed. I see the passive (AD) and active RADIUS authentications for the VPN. However, I do not see the username (MAC Address) of MAB authentications. That would also be a RADIUS authentication. In this particular case the auth method is EAP-PSK. Not sure why we wouldn't see this authentication.
Is there a particular permission I need to add/modify for PxGrid to see these MAC Address usernames?
10-01-2022 11:47 AM
By definition, a MAB (MAC Authentication Bypass) username is the MAC address. The MAC address is used for the password with MAB, too.
To see a username to MAC or IP mapping with pxGrid, you need to have an actual username+password authentication and for that you must use a different EAP protocol (PEAP typically with AD).
I am not aware of EAP-PSK support for ISE so I don't know how it would work at all.
https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/compatibility_doc/b_ise_sdt_32.html
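The distinction drawn in the answer above, as an added example that is not part of the original posts or any Cisco code: it sorts session records into MAB sessions (the username is just the endpoint's MAC address) and sessions that carry a real user identity. The record field names and sample sessions are constructed for illustration and are not the pxGrid schema; it assumes MAB requests arrive with RADIUS Service-Type Call-Check (10) or a User-Name equal to the Calling-Station-Id.

```python
import re

SERVICE_TYPE_CALL_CHECK = 10  # RADIUS Service-Type typically sent with MAB requests

_MAC_RE = re.compile(
    r"[0-9A-Fa-f]{2}([:-]?[0-9A-Fa-f]{2}){5}"   # aa:bb:.., AA-BB-.., aabbccddeeff
    r"|([0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}"     # aabb.ccdd.eeff
)

def normalize_mac(value):
    """Return 12 lowercase hex digits if value is formatted like a MAC, else None."""
    if not isinstance(value, str) or not _MAC_RE.fullmatch(value.strip()):
        return None
    return re.sub(r"[^0-9A-Fa-f]", "", value).lower()

def classify(session):
    """Label a session 'mab', 'user', 'ambiguous' or 'none' from its RADIUS attributes."""
    name = (session.get("user_name") or "").strip()
    if not name:
        return "none"
    name_mac = normalize_mac(name)
    if name_mac is None:
        return "user"            # not MAC-shaped: a real account name
    station_mac = normalize_mac(session.get("calling_station_id"))
    if name_mac == station_mac or session.get("service_type") == SERVICE_TYPE_CALL_CHECK:
        return "mab"             # username is only the endpoint's own MAC
    return "ambiguous"           # MAC-shaped name with nothing to corroborate it

# Constructed sample sessions (hypothetical field names, not real data).
SAMPLE_SESSIONS = [
    {"user_name": "00:11:22:AA:BB:CC", "calling_station_id": "00-11-22-aa-bb-cc",
     "service_type": 10, "ip": "10.0.0.21"},
    {"user_name": "jdoe@example.com", "calling_station_id": "00-11-22-33-44-55",
     "service_type": 2, "ip": "10.0.0.22"},
    {"user_name": "deadbeefcafe", "calling_station_id": "66-77-88-99-AA-BB",
     "service_type": 2, "ip": "10.0.0.23"},
    {"user_name": "", "calling_station_id": "0011.2233.4466",
     "service_type": 2, "ip": "10.0.0.24"},
]

def user_identity_sessions(sessions):
    """Sessions for which a user-to-IP mapping is meaningful."""
    return [s for s in sessions if classify(s) == "user"]

if __name__ == "__main__":
    for s in SAMPLE_SESSIONS:
        print(s["ip"], classify(s))
```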