Cisco Support Community

dot1x MAB without eapol msgs?

Currently we are using .1x with mac-auth-bypass and only that; we have no .1x capable clients.

We use the following portconfig:

dot1x mac-auth-bypass
dot1x pae authenticator
dot1x port-control auto
dot1x timeout tx-period 1
dot1x max-reauth-req 1

So we have 2 times a timeout of 1 second, and then the MAB kicks in - ACS provides the vlan and that's it - it works, but with an unnecessary 2s timeout.

BUT, the following Cisco diagram suggests an alternative approach.

http://www.cisco.com/en/US/i/200001-300000/220001-230000/221001-222000/221113.jpg

Is it possible to bypass the .1x timeout, so that the authenticator doesn't wait 1s for eapol msgs any more and jumps directly to waiting for a MAC address to perform MAB? If so, I haven't found a command yet.

thanks.
