05-01-2014 07:52 AM - edited 03-03-2019 07:22 AM
My organization has multiple 4500 series switches experiencing the same problem when attempting to authenticate devices via MAB. The issue is that the "show mab interface fax/x details" shows the Client MAC in a waiting status. The device is never sending the switch it's MAC in order to proceed with MAB authentication, so of course the port never forwards traffic. However, if we remove authentication port-control auto the port starts forwarding and the device gains connectivity. Below is the interface configuration command and the MAB details. The IOS version of this current switch is 15.0(2)SG8. Are we missing something special for a 4500 as far as configuration is concerned.
interface FastEthernet8/16
description USER
switchport access vlan 600
switchport mode access
switchport nonegotiate
duplex full
authentication host-mode multi-domain
authentication port-control auto
authentication periodic
mab
dot1x pae authenticator
dot1x timeout tx-period 5
end
SWITCH-4510R#sh mab interface fa8/16 details
MAB details for FastEthernet8/16
-------------------------------------
Mac-Auth-Bypass = Enabled
MAB Client List
---------------
Client MAC = Waiting
Session ID = 841AF6D100002931AF99B827
MAB SM state = ACQUIRING
Auth Status = UNAUTHORIZED