dot1x port authentication based on MAC?

Nov 12th, 2009

Is it possible to use dot1x to enable/shutdown a port based on the MAC address of the connected device?

The situation is that port-security is not really an option. I must retain some flexibility in where computers end up physically in the network. With that in mind, I cannot statically assign a MAC to a switchport (port-security).

I would like to be able to specify a MAC address whitelist that dot1x could use to authenticate a device.

I was reading the 3750 dot1x config guide which suggests that "MAC Authentication Bypass" might be what I am looking for.

Any advice is appreciated.

VLA_WeyBridge_2 Fri, 11/20/2009 - 04:10

Well yes you could do it this way.

Using MAC bypass will use the MAC address as the username and password for the dot1x authentication process.

So then it's a case of setting up your RADIUS, TACACS+ or whatever other authentication you are using to deal with this.

In the case of AD integration you can simply create a username with the MAC address as username and password.

Once you have your username set up (with whatever system is doing the authentication) you can then open/shut the port as you wish.

Does that help?
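The approach in the reply above, with the MAC address serving as both username and password, shown as an added example that is not part of the original posts: a Python script that turns a MAC whitelist into FreeRADIUS `users` file entries. It assumes FreeRADIUS is the RADIUS server and that the switch sends the MAC as 12 lowercase hex digits with no separators; the sample addresses are constructed.

```python
import re

# Constructed sample whitelist in the mixed notations people paste into tickets.
SAMPLE_WHITELIST = """\
00:1A:2B:3C:4D:5E   # colon-separated
001a.2b3c.4d5f      # Cisco dotted
00-1A-2B-3C-4D-60   # hyphen-separated
00:1a:2b:3c:4d:5e   # duplicate of the first entry
01:00:5e:00:00:01   # multicast address, not a real host
not-a-mac
"""

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a unicast MAC.

    Assumption: the switch sends the MAC in this form as the RADIUS
    username and password; confirm against what your switch actually sends.
    """
    digits = re.sub(r"[.:\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    # Lowest bit of the first octet set means a group (multicast/broadcast)
    # address, which can never be the source MAC of a connected device.
    if int(digits[:2], 16) & 0x01:
        return None
    return digits

def build_users(whitelist):
    """Return (entries, rejected); entries are FreeRADIUS 'users' file lines."""
    seen, entries, rejected = set(), [], []
    for raw in whitelist.splitlines():
        token = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not token:
            continue
        mac = normalize_mac(token)
        if mac is None:
            rejected.append(token)
        elif mac not in seen:  # skip duplicates written in another notation
            seen.add(mac)
            entries.append(f'{mac} Cleartext-Password := "{mac}"')
    return entries, rejected

if __name__ == "__main__":
    entries, rejected = build_users(SAMPLE_WHITELIST)
    print("\n".join(entries))
    for token in rejected:
        print(f"# rejected: {token}")
```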

