Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

MAC and username

Dear all

we have a large network and the policy of company is combination of MAC address + username (dot1X)

Do we have any kind of solution for combination of mac address and username on our switch?

I mean when the computer plug to the port , it checks for mac address and username both is same time

thank you

1 REPLY
Silver

Re: MAC and username

Hello,

When you implement Wired 802.1x the flow should be as follows:

1) Plug the machine to the switchport.

2) The switch sends an EAPoL Start message.

2.1) If the machine is 802.1x compliant (supports EAP methods) the EAP negotion will start. The machine will be prompt for username/password (PEAP) or the appropriate certificate (EAP-TLS).

2.2) If the machine is not 802.1x compliant (does not support EAP) then the Switch EAPoL start will time out.

3) The switch configuration will detect the EAPoL timeout and "fallback" to the next configured method, which in this case, should be MAB.

4) The machine that failed to respond the EAPoL Start will then provide username/password both as the device MAC Address. MAB credentials will be passed to the authentication server for validation.

NOTE: 802.1x and MAB will never occur at the same time for the same machine/device.

Please refer to the attached .pdf file for additional information.

If this was helpful please rate.

Regards.

464
Views
0
Helpful
1
Replies