dot1x MAB without eapol msgs?

Unanswered Question
Jun 8th, 2010
User Badges:

Currently we are using .1x with mac-auth-bypass and only that; we have no .1x capable clients.

We use the following portconfig:

dot1x mac-auth-bypass

dot1x pae authenticator

dot1x port-control auto

dot1x timeout tx-period 1

dot1x max-reauth-req 1

So we have 2 times a timeout of 1 second, and then the MAB kicks in - ACS provides the vlan and that's it - it works, but with an unnessesary 2s timeout.

BUT, the following Cisco diagram suggest an alternative approach.

Is it possible to bypass the .1x timeout, so that the authenticator doens't wait 1s for eapol msgs any more and jumps directly to waiting for a MAC address to perform MAB? If so, I haven't found a command yet.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion