06-02-2011 05:55 AM - edited 03-10-2019 06:07 PM
I have MAB set up through ACS 5.2 at one of my sites and it seems to be working fine for laptops, but not for printers. I can plug a laptop into the port the printer is connected to and it connects right away, but pluggin the printer in and I get a "notconnect" and the port goes amber.
I am using the following commands on the switch ports:
authentication port-control auto
mab
I checked the ACS reporting and I see no failed authentication attempts, just the successful authentifications by the laptops.
06-02-2011 07:00 AM
Ran the command: sh auth sessions; it came back with the MAC Address (unknown) and status as Running. The MAC also doesnt show up under "sh mac address-table".
If I take the two commands out of the port configuration, the MAC Address show up on the table again.
06-02-2011 09:05 AM
Looks like the problem lies with the HP printer, not the switch config. I changed the printer to DHCP, still not working. Wend back to a static IP and then it worked.
This is going to be a hassel with over 50 sites to set this up at.
06-02-2011 02:58 PM
Robert,
What version are you using and what model switch are you running and what model printer is this not working for? Also the mac address table behavior is expected for devices that fail dot1x or mab, they do not get applied to the mac address table.
Also dhcp behavior is also expected it will not pull an ip address till the port has been authorized.
Can you run a debug dot1x packets (just to make sure there is not a supplicant enabled on the printer)
Also can you run a debug radius authentication while the process is started and post the output here, keep in mind to blurr out any sensitive information.
Also please let me know the full port configuration and show auth session int
Thanks,
Tarik Admani
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide