cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
685
Views
0
Helpful
1
Replies

PxGrid - Learn MAB Authentication Username

kylerossd
Level 4
Level 4

I have a deployment where I want to learn the MAB username on a Firepower Management Center.  I have the FMC connected to AD to pull the users and group, and PxGrid integration completed.  I see the passive (AD) and active RADIUS authentications for the VPN.  However, I do not see the username (MAC Address) of MAB authentications.  That would also be a RADIUS authentication. In this particular case it is the auth method is EAP-PSK.  Not sure why we wouldn't see this authentication.

Is there a particular permission I need to add/modify for PxGrid to see these MAC Address usernames?

1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

By definition, a MAB (MAC Authentication Bypass) username is the MAC address. The MAC address is used for the password with MAB, too.

To see a username to MAC or IP mapping with pxGrid, you need to have an actual username+password authentication and for that you must use a different EAP protocol (PEAP typically with AD).

I am not aware of EAP-PSK support for ISE so I don't know how it would work at all.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/compatibility_doc/b_ise_sdt_32.html

View solution in original post

1 Reply 1

thomas
Cisco Employee
Cisco Employee

By definition, a MAB (MAC Authentication Bypass) username is the MAC address. The MAC address is used for the password with MAB, too.

To see a username to MAC or IP mapping with pxGrid, you need to have an actual username+password authentication and for that you must use a different EAP protocol (PEAP typically with AD).

I am not aware of EAP-PSK support for ISE so I don't know how it would work at all.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/compatibility_doc/b_ise_sdt_32.html