Port security - MAB and unknown MAC

Andreas Herbst
Level 1

Hi all,

I've a very annoying problem that has been keeping me busy for a while, and maybe one of you can help me :)

We're using 802.1x authentication with MAB (and dynamic VLAN assignment) for quite a while now, and nearly everything is working well except this:

We have some "very stupid" network devices that are not even able to use DHCP or other network management things. It's only possible to configure a static IP and gateway on those devices, and that's all.

Now, every time these devices should be authenticated via MAB, it fails because the switch (Cisco 2960) is not able to determine the device's MAC address and stays with "unknown MAC".

We have already set the option "authentication control-direction in" on every switchport because we use Wake on LAN.

The only way to get this device authenticated is to set the default VLAN of the interface to the target VLAN the device has its static IP address in. That's because when I do this I can ping the device, which causes a "who has X.X.X.X" -> which causes a broadcast -> the broadcast reaches the device because of the option "authentication control-direction in" -> the device notices "hey, I'm the one with that IP", which causes the device to send an answer to the switch interface, which is then able to learn the MAC and authenticate it.

--> If I do not change the default VLAN of the interface to the device's VLAN where it should be authenticated to, the device won't receive the broadcast caused by my ping, because the port is a member of another network.

Puhhh.. that's a hard one, isn't it?? :)

Okay, now my question is: Is there anything I can do so that my switch learns the MAC address of this stupid device that does not send any traffic to the switch? I don't want to change the default VLAN of all the affected ports :((

Maybe a port configuration that forces the associated device to talk to the switch?

Thanks a lot!

1 Reply

kieronm
Level 1

I have found that adding the multi-auth command to the port config works:

authentication host-mode multi-auth
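As an added illustration (not configuration posted by either participant, and not a verified fix for the original poster's switch), this is how the two settings mentioned in the thread, "authentication control-direction in" and "authentication host-mode multi-auth", fit into a complete MAB-enabled access-port stanza in the classic (pre-IBNS 2.0) IOS syntax used on a Catalyst 2960. The interface name, VLAN number and RADIUS server are assumptions for the example only.

```cisco
! Assumed interface and VLAN; adapt to your own port and VLAN plan.
interface GigabitEthernet0/1
 description static-IP device, authenticated by MAB
 switchport mode access
 switchport access vlan 10
 ! Allow several MACs on the port, each authenticated separately
 ! (the command recommended in the reply above).
 authentication host-mode multi-auth
 ! Let egress traffic (e.g. Wake-on-LAN, ARP requests) reach the
 ! host before it is authenticated; ingress stays blocked until then.
 authentication control-direction in
 ! Try MAB first so silent devices without a supplicant get a chance.
 authentication order mab dot1x
 authentication priority mab dot1x
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
! Verification after the device has sent its first frame:
!   show authentication sessions interface GigabitEthernet0/1
!   show mac address-table interface GigabitEthernet0/1
```

Two points worth keeping in mind from a security standpoint: multi-auth removes the single-MAC restriction of the default single-host mode, so each additional MAC seen on the port is authenticated on its own rather than triggering a violation, and the VLAN returned by the RADIUS server for a MAB session still overrides the configured access VLAN once the MAC is learned. The show commands above let you confirm which MACs the switch has actually seen on the port and in which VLAN each session was authorized.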
