04-10-2015 09:07 PM - edited 03-07-2019 11:29 PM
Hi,
Does anybody know if Cisco supports the multi-auth option with MAC Address Bypass? If it does, how many hosts is the maximum limit on one port?
Thanks!
04-13-2015 06:57 AM
Hi,
Can you elaborate on what you're trying to achieve?
I've set up MAB in the past alongside multi-domain dot1x to allow IP phones to use MAB to authenticate to the VOICE domain while the PC uses dot1x to authenticate to the DATA domain.
04-13-2015 09:32 AM
Hi,
Thanks for responding. I am trying to do host authentication for PC users on wired networks. The problem is some of these PCs are connected to a non-managed hub/switch. So, I need to enable MAB on a switch port that in turn is connected to several PCs (via the non-managed hub), not just one. Hence, I need the multi-auth option, so each PC will be authenticated independently. I know multi-auth is supported for 802.1x, but is it also supported for MAB? And if it is supported, is there any limit on the number of PCs/hosts per port?
04-14-2015 04:42 AM
Hi,
I *think* it should work, as in you can authenticate multiple client PCs with MAB; however, there is a more important aspect to consider.
Bear in mind this is not secure, given that anyone can spoof a MAC address, and having unmanaged switches or, worse, hubs (where did you find one of those in this day and age?!) connected to your switching infrastructure is a big risk in itself: you open up the possibility of a misbehaving device bringing your network down, loops where someone connects 2 user ports together with one of these unmanaged devices, traffic sniffing... and probably many other security and stability risks. In short, I'd pay whatever it costs to get the cabling people back in and run wires to wherever you need more ports, buy more managed switches for the comms cabinet if need be, and scrap the unmanaged switches or hubs ASAP.