802.1x: MAC Authentication Bypass

Difan Zhao · ‎12-18-2009

Hey sorry for keeping bugging you guys...

So I am configuring this Bypass thing on my 3750 switch. It works fine. It seems the switch will send a access request to the radius server (I use FreeRadius) with the username/password both as the MAC address of the deivce.

However my dilema is that I have 200+ these devices. I can easily create a user group with MAC starting with 00a008 (which are the first 3 octets of the MAC addresses), however it's impossible to include each of the MAC address as the password!

So my question is that whether there is a way to configure the switch use a static string as the password for all the devices using MAC Authentication Bypass?

Thank you!!

Difan

Jatin Katyal · ‎12-19-2009

Difan:

I went through your post and understand that you are in a process of configuring 802.1x with MAB in such way so that you use custom password (except Mac address) for all users OR shared password string that should be sent by the switch but this is not possible.

Reason: Switch only send the device Mac address as the username and password. The user name should be the mac address of the client and the password should be same as username and this can't be change on cisco switches.

I have also attached a document regarding MAB for your better understanding.

This forum is only for you guys...keep bugging us

HTH

JK

Pls rate helpful posts-

~Jatin

Difan Zhao · ‎12-19-2009

Hey JK, thank you very much for breaking my hope so straight forward lol

I guess I need to find a way to do it on my radius server then...\