How to configure MAC Authentication Bypass on 200-Series switches

Objective
Configure MAC Authentication Bypass (MAB) on a 200-Series switch.
Environment
  • 200-Series
  • All firmware versions
  • MAB authentication
  • 802.1x authentication
  • RADIUS
  • RFC3580
Procedure
Configure each port that will run MAB as follows:
 
interface 0/10
authentication order mab
authentication priority mab
dot1x port-control mac-based
dot1x mac-auth-bypass

Configure the uplink port, or ports that do not require authentication, as follows:
 
interface 0/24
dot1x port-control force-authorized
exit

Global configuration for 802.1x and the RADIUS server:
 
authentication enable
dot1x system-auth-control
aaa authentication dot1x default radius
authorization network radius
dot1x dynamic-vlan enable
radius server host auth "10.152.39.170" name "lab36"
radius server key auth "10.152.39.170" encrypted 0b0a6a199598dc5d10a9bda7a97020cab80311411c6e52a5f2380a0a7bbbc69c1e68763aca62a3b180cbe7da5f256e906c76771a3131e20c6788302a8bed9d18
radius server attribute 4 10.152.0.62
line console
exit

Verification commands:
 
(Extreme 210) #show dot1x authentication-history 0/10
(Extreme 210) #show dot1x authentication-history 0/10 detail
(Extreme 210) #show dot1x clients 0/10
(Extreme 210) #show dot1x detail 0/10
(Extreme 210) #show dot1x statistics 0/1
(Extreme 210) #show dot1x summary all

(Extreme 210) #show dot1x detail 0/10

Port........................................... 0/10
Protocol Version............................... 1
PAE Capabilities............................... Authenticator
Control Mode................................... mac-based
Quiet Period (secs)............................ 60
Transmit Period (secs)......................... 30
Guest VLAN ID.................................. 0
Guest VLAN Period (secs)....................... 90
Supplicant Timeout (secs)...................... 30
Server Timeout (secs).......................... 30
Maximum Requests............................... 2
Configured MAB Mode............................ Enabled
Operational MAB Mode........................... Enabled
Reauthentication Period (secs)................. 3600
Reauthentication Enabled....................... False
Key Transmission Enabled....................... False
Control Direction.............................. both
Maximum Users.................................. 48
Unauthenticated VLAN ID........................ 0


 Logical Port  Supp MacAddress    AuthPAE State       Backend State  VLAN Assigned
 ------------  -----------------  ------------------  -------------  ---- -------- --
 432           54:EE:75:10:55:F7   Authenticated      Idle           1    RADIUS
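
The output above can be checked automatically after a change. The following is an added example, not part of the original article or any Extreme Networks tooling: it parses saved `show dot1x detail` text and reports fields that differ from the MAB port settings in the procedure. The function names, the single-word state columns, and the reading of the last two table columns as VLAN ID and assignment source are assumptions.

```python
import re

# Constructed sample: trimmed from the `show dot1x detail 0/10` output above.
SAMPLE = """\
Port........................................... 0/10
Control Mode................................... mac-based
Configured MAB Mode............................ Enabled
Operational MAB Mode........................... Enabled
Reauthentication Period (secs)................. 3600
Reauthentication Enabled....................... False

 Logical Port  Supp MacAddress    AuthPAE State       Backend State  VLAN Assigned
 ------------  -----------------  ------------------  -------------  ---- -------- --
 432           54:EE:75:10:55:F7   Authenticated      Idle           1    RADIUS
"""

# "Name....... value" lines: field name, a run of dot leaders, then the value.
FIELD = re.compile(r"^(.+?)\.{2,}\s*(.*)$")
# Client rows: logical port, MAC, two state columns, VLAN, assignment source.
CLIENT = re.compile(r"^\s*(\d+)\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
                    r"\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)")
COLUMNS = ("logical_port", "mac", "pae_state", "backend_state", "vlan", "assigned_by")

# Values the procedure's port configuration should produce.
EXPECTED = {"Control Mode": "mac-based",
            "Configured MAB Mode": "Enabled",
            "Operational MAB Mode": "Enabled"}

def parse_dot1x_detail(text):
    """Return (fields dict, list of client dicts) from the command output."""
    fields, clients = {}, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
        elif (m := CLIENT.match(line)):
            clients.append(dict(zip(COLUMNS, m.groups())))
    return fields, clients

def audit(fields):
    """List deviations from the expected MAB settings, plus a reauth note."""
    findings = [f"{k}: expected {want}, got {fields.get(k)}"
                for k, want in EXPECTED.items() if fields.get(k) != want]
    if fields.get("Reauthentication Enabled") == "False":
        findings.append("Reauthentication Enabled: False "
                        "(authenticated MACs are not periodically re-authenticated)")
    return findings

if __name__ == "__main__":
    parsed_fields, parsed_clients = parse_dot1x_detail(SAMPLE)
    print(parsed_clients, audit(parsed_fields), sep="\n")
```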



 