dot1x MAB without eapol msgs?

Unanswered Question
Jun 8th, 2010

Currently we are using .1x with mac-auth-bypass and only that; we have no .1x capable clients.

We use the following port config:


dot1x mac-auth-bypass
dot1x pae authenticator
dot1x port-control auto
dot1x timeout tx-period 1
dot1x max-reauth-req 1

So we have 2 times a timeout of 1 second, and then the MAB kicks in - ACS provides the VLAN and that's it - it works, but with an unnecessary 2s timeout.

BUT, the following Cisco diagram suggests an alternative approach.

http://www.cisco.com/en/US/i/200001-300000/220001-230000/221001-222000/221113.jpg

Is it possible to bypass the .1x timeout, so that the authenticator doesn't wait 1s for EAPOL msgs any more and jumps directly to waiting for a MAC address to perform MAB? If so, I haven't found a command yet.

Thanks.
