Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

MAB (mac-authentication-bypass) not working on CAT4506E platform

 

 - Due to 'EOL-concerns' we are currently migrating our office switches from cat4500-Supervisor II+ hardware platform to cat4506e switches using supervisor ' Sup 7L-E 10GE'  ; IOS version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.05.03.E.

 I copied the running config from the old switches to the new platform quasi exactly ,of course changing stuff such was IP addr, hostname and a few other items.

It tuns out that on the new  platform MAB isn't working. Debugging MAB and AAA show nothing appearing in the logs. It seems that MAB just isn't started if something is connected to a user port. MAB simply seems dead.

It seems as if I am missing something fundamental. Concerns are , which license level do I need for MAB on this platform (for instance) ? Does anyone have other tips and tricks ? Note that radius-config  and port statements used make MAB work perfectly on the old switches.

Thanks ,

Marc.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

That chassis and sup

That chassis and sup definitley support MAB and you don't need a special license to run it.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html

I suspect a:

1. Configuraiton error

2. Bug

Can you post your AAA/dot1x configs here?

Also, 3.5.x of XE has been problematic. If possible you should go to 3.4.4

 

Thank you for rating helpful posts! 

 

Thank you for rating helpful posts!
4 REPLIES

Hey Marc,Check the link below

Hey Marc,

Check the link below:

www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1/XE_330SG/configuration/guide/config/dot1x.html#wp1203853

HTH.

regards,
RS.

Silver

   Hello  Rajeevsh , for us

 

  Hello  Rajeevsh , for us the sequence of MAB commands being used was not an argument since MAB was working on the old 4500.As Neno pointed out we downgraded to 3.4.4 and everyting worked fine since then!

 

Marc.

Cisco Employee

Thank you for the rating and

Thank you for the rating and for taking the time to come back and confirm the root cause of the issue (+5 from me).

Thank you for rating helpful posts!
Cisco Employee

That chassis and sup

That chassis and sup definitley support MAB and you don't need a special license to run it.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html

I suspect a:

1. Configuraiton error

2. Bug

Can you post your AAA/dot1x configs here?

Also, 3.5.x of XE has been problematic. If possible you should go to 3.4.4

 

Thank you for rating helpful posts! 

 

Thank you for rating helpful posts!
129
Views
5
Helpful
4
Replies
CreatePlease to create content