Cisco Support Community

dot1x port authentication based on MAC?

Is it possible to use dot1x to enable/shutdown a port based on the MAC address of the connected device?

The situation is that port-security is not really an option. I must retain some flexibility in where computers end up physically in the network. With that in mind, I cannot statically assign a MAC to a switchport (port-security).

I would like to be able to specify a MAC address whitelist that dot1x could use to authenticate a device.

I was reading the 3750 dot1x config guide which suggests that "MAC Authentication Bypass" might be what I am looking for.

Any advice is appreciated.

1 REPLY

Re: dot1x port authentication based on MAC?

Well yes you could do it this way.

Using MAC bypass will use the MAC address as the username and password for the dot1x authentication process.

So then it's a case of setting up your RADIUS, TACACS+ or whatever other authentication you are using to deal with this.

In the case of AD integration you can simply create a user name with the MAC address as username and password.

Once you have your username set up (with whatever system is doing the authentication) you can then open/shut the port as you wish.

Does that help?
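
The username/password scheme described in the reply, as an added example that is not part of the original thread: a Python script that normalises a MAC whitelist written in mixed notations and emits one account entry per device, with the MAC as both username and password. Assumptions: the switch sends the MAC as 12 lowercase hex digits with no separators, the RADIUS server reads a FreeRADIUS-style `users` file, and the function names and sample addresses are constructed for illustration.

```python
import re

# Separators seen in common MAC notations: 00:11:22:33:44:ff, 00-11-..., 0011.2233.44ff
_SEPARATORS = re.compile(r"[:.\-\s]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def mab_username(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits (assumed MAB username form)."""
    digits = _SEPARATORS.sub("", mac.strip().lower())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    if int(digits[:2], 16) & 0x01:
        # Group (multicast/broadcast) addresses never identify a single host.
        raise ValueError(f"group address cannot be whitelisted: {mac!r}")
    return digits


def build_users_entries(whitelist_lines):
    """Turn whitelist lines into (entries, rejected) for a FreeRADIUS-style users file."""
    seen, entries, rejected = set(), [], []
    for lineno, raw in enumerate(whitelist_lines, start=1):
        line = raw.split("#", 1)[0].strip()   # allow trailing comments
        if not line:
            continue
        try:
            user = mab_username(line)
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        if user in seen:                      # same device written two ways
            continue
        seen.add(user)
        # Username and password are both the MAC, as the reply describes.
        entries.append(f'{user} Cleartext-Password := "{user}"')
    return entries, rejected


# Constructed sample whitelist (not from the original thread).
SAMPLE_WHITELIST = [
    "00:1A:2B:3C:4D:5E   # front desk PC",
    "001a.2b3c.4d5e      # same PC, dotted notation",
    "00-1A-2B-3C-4D-5F",
    "ff:ff:ff:ff:ff:ff",
    "00:1A:2B:3C:4D",
]

if __name__ == "__main__":
    entries, rejected = build_users_entries(SAMPLE_WHITELIST)
    print("\n".join(entries))
```

Because the password is the MAC address itself, these accounts are best kept in a store used only for port authentication and denied interactive logon.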
