Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

802.1x authentication with mac address

Hi guys,

there is a strange requirement from one of our customer,

they want us to do 802.1x with mac address authentication and they dont want the pop-ups which ask

for username, password and domain.

is it possible??

can i avoid popping up the username password with 802.1x and that too with mac address???

Any help would be greatly appreciated

Thanks

Jvalin

4 REPLIES
New Member

Re: 802.1x authentication with mac address

Hi,

The feature which you are looking for is possible in case of wired 802.1x. This feature is called as the MAC-Auth Bypass and is done mostly if the client machine is not 802.1x capable. However nowerdays it is used even if the machine is 802.1x capable.In this we enter the MAC address of the machine in the user database e.g. Active Directory. When you connect the client machine to the Switch, if we have MAC-Auth Bypass enabled on the port, it would take the MAC address of the machine as the username without any prompt for username and password.

A windows server admin can easily push a group policy which disables the 802.1x on the client machine and it would only respond to the MAC-Auth Bypass.But first you would have to make sure your switch has the Mac-Auth Bypass in the IOS.

For more information, you can go to http://www.cisco.com/univercd/cc/td/doc/solution/macauthb.pdf

Regards,

Kush

New Member

Re: 802.1x authentication with mac address

So Kush,

is it necessary for me to configure the commands for 802.1x on the port or only macauth bypass??

New Member

Re: 802.1x authentication with mac address

Hi,

Yes you would have to configure the 802.1x on the switch and on the port.

To enable the 802.1x globally on the switch, enter the command "dot1x system-auth-control"

On the interface type the following commands:

- dot1x port-control auto.

- dot1x mac-auth-bypass.

Regards,

Kush

New Member

Re: 802.1x authentication with mac address

kush,

I got your idea,

but the link which you pasted, in that it is being said that MAB will start only when 802.1x timeouts.

also it wud take 90 seconds for the users to get access.

one more sentence has been written that the port on which a user has been authenticated through mac bypass,

if other user tries to connect on the same port it is considered as security violation.

do you have any idea on this??

Regards,

Jvalin

1550
Views
0
Helpful
4
Replies
CreatePlease to create content