Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Mac Authentication Bypass and Freeradius


Sorry i'm new to the forum.


I need some help figuring out how to enable mab ! I entered the following commands on the switch


aaa new-model

aaa authentication dot1x

dot1x system-auth-control

radius-server host IP

radius-server key KEY



interface G3/0/48

switchport mode access

authentication port-control auto

spanning-tree portfast

authentication host-mode single-host


authentication order mab dot1x




And on freeradius, I entered the Subnet address where all the switches are, I'm not using a database so the users file had something like this :


0008743e7a99 Auth-Type := "EAP", Cleartext-Password == 0008743e7a99  


Tunnel-Type = 13,                                           


Tunnel-Medium-Type = IEEE-802,                                


Tunnel-Private-Group-ID =4


( sorry dont have the file here left it at work )





and at the debug I get the message in the image!


I also made sure these lines exist in my files :


And I didnt delete the rest, what i did delete was a reject of the eap auth type at the top of /etc/raddb/sites-available/default file



and here's a small debug file my boss sent me but i don't know if it's relevent because he's trying to debug based on

a mac address that is not in the users file ( also joined to the message





So my question is.. What can I change to make the authentication Bypass Work??


I'd really like you to help me, I'm out of options and tutos... and english isn't my language so i'm havin a hard time understanding other forums



Did I mention I was a newbie?



- See more at:

  • LAN Switching and Routing
Everyone's tags (2)
New Member

This discussion has been

This discussion has been reposted to the LAN, Switching and Routing community.

This widget could not be displayed.