cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

707
Views
0
Helpful
3
Replies
robert.riggle
Contributor

Using MAB on ACS for printers

I have MAB set up through ACS 5.2 at one of my sites and it seems to be working fine for laptops, but not for printers.  I can plug a laptop into the port the printer is connected to and it connects right away, but pluggin the printer in and I get a "notconnect" and the port goes amber.

I am using the following commands on the switch ports:

authentication port-control auto

mab

I checked the ACS reporting and I see no failed authentication attempts, just the successful authentifications by the laptops.

3 REPLIES 3
robert.riggle
Contributor

Ran the command: sh auth sessions; it came back with the MAC Address (unknown) and status as Running.  The MAC also doesnt show up under "sh mac address-table".

If I take the two commands out of the port configuration, the MAC Address show up on the table again.

Looks like the problem lies with the HP printer, not the switch config.  I changed the printer to DHCP, still not working.  Wend back to a static IP and then it worked.

This is going to be a hassel with over 50 sites to set this up at.

Robert,

What version are you using and what model switch are you running and what model printer is this not working for? Also the mac address table behavior is expected for devices that fail dot1x or mab, they do not get applied to the mac address table.

Also dhcp behavior is also expected it will not pull an ip address till the port has been authorized.

Can you run a debug dot1x packets (just to make sure there is not a supplicant enabled on the printer)

Also can you run a debug radius authentication while the process is started and post the output here, keep in mind to blurr out any sensitive information.

Also please let me know the full port configuration and show auth session int

Thanks,

Tarik Admani

Content for Community-Ad