cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1066
Views
5
Helpful
4
Replies

MAB (mac-authentication-bypass) not working on CAT4506E platform

marce1000
VIP
VIP

 

 - Due to 'EOL-concerns' we are currently migrating our office switches from cat4500-Supervisor II+ hardware platform to cat4506e switches using supervisor ' Sup 7L-E 10GE'  ; IOS version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.05.03.E.

 I copied the running config from the old switches to the new platform quasi exactly ,of course changing stuff such was IP addr, hostname and a few other items.

It tuns out that on the new  platform MAB isn't working. Debugging MAB and AAA show nothing appearing in the logs. It seems that MAB just isn't started if something is connected to a user port. MAB simply seems dead.

It seems as if I am missing something fundamental. Concerns are , which license level do I need for MAB on this platform (for instance) ? Does anyone have other tips and tricks ? Note that radius-config  and port statements used make MAB work perfectly on the old switches.

Thanks ,

Marc.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
1 Accepted Solution

Accepted Solutions

nspasov
Cisco Employee
Cisco Employee

That chassis and sup definitley support MAB and you don't need a special license to run it.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html

I suspect a:

1. Configuraiton error

2. Bug

Can you post your AAA/dot1x configs here?

Also, 3.5.x of XE has been problematic. If possible you should go to 3.4.4

 

Thank you for rating helpful posts! 

 

View solution in original post

4 Replies 4

Rajeev Sharma
Cisco Employee
Cisco Employee

Hey Marc,

Check the link below:

www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1/XE_330SG/configuration/guide/config/dot1x.html#wp1203853

HTH.

regards,
RS.

 

  Hello  Rajeevsh , for us the sequence of MAB commands being used was not an argument since MAB was working on the old 4500.As Neno pointed out we downgraded to 3.4.4 and everyting worked fine since then!

 

Marc.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thank you for the rating and for taking the time to come back and confirm the root cause of the issue (+5 from me).

nspasov
Cisco Employee
Cisco Employee

That chassis and sup definitley support MAB and you don't need a special license to run it.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html

I suspect a:

1. Configuraiton error

2. Bug

Can you post your AAA/dot1x configs here?

Also, 3.5.x of XE has been problematic. If possible you should go to 3.4.4

 

Thank you for rating helpful posts! 

 

Review Cisco Networking for a $25 gift card