03-13-2023 05:34 AM
A customer of mine has bought some CBS250 switches because they want to migrate away from Aruba. Their old switches are set up for 802.1x with fallback to MAB. The option to use MAB seems to be missing on CBS250. It was available on the SG250 according to the documentation, so that seems like a bit of a regression. Am I missing something or has the feature indeed been dropped?
03-13-2023 06:00 AM
As per the admin guide it is supported (page 300). You may want to check the latest firmware update (if not upgraded already).
03-13-2023 06:37 AM
Thanks for the quick response. That was my reading as well, but comparing the commands available on the 250 (running newest firmware) vs 350 (not even on the newest version) reveals that something is missing.
The top picture is from a 350 and in the interface context it gives the option for the "dot1x authentication" command and the ability to choose between the different methods.
The lower image is from a 250 where the "dot1x" command is present but the "authentication" part is missing. Certificate-based authentication is indeed running and works, but MAB doesn't.
03-14-2023 02:07 PM
Hi,
MAB or MAC authentication bypass is not a supported feature on CBS switches.
03-14-2023 03:16 PM
I beg to differ. As shown in the screenshot it is running on the CBS 350 model, and according to the documentation linked by balaji.bandi, it is mentioned as a supported feature on CBS 250 as well. Missing features are a problem, because I (a Cisco partner) look like an idiot when I recommend Cisco gear to a client, while I could not have imagined that features from the SG series had been removed.
03-14-2023 09:52 PM
Hi,
Where is it mentioned as a supported feature in CBS250? Where on page 300 of the AG https://www.cisco.com/c/en/us/td/docs/switches/lan/csbms/CBS_250_350/Administration-Guide/cbs-250-ag.pdf is MAC Authentication Bypass mentioned?
The screenshot is showing just the MAC-based authentication which has nothing to do with the MAB. MAB is supported by Cisco IOS https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-2mt/sec-config-mab.html#GUID-85A51579-965E-45BD-8250-C527DD3DB83C
03-14-2023 11:33 PM
We are getting a bit into semantics here. I'm aware that MAB is the term used in Cisco classic equipment, but I used it as a shorthand for MAC authentication done via RADIUS which is what we need.
So to put it another way: How does one configure the MAC authentication feature mentioned on page 300 in the CBS250 configuration guide?
03-17-2023 05:52 AM
Any ideas on how to configure the feature?