Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure 802.1X authentication based on the MAC address


Complete these steps in order to configure 802.1x authentication on the switch:

  • Go into the interfaces connected to the clients using "interface interface_id" command and configure the following

  • In the case of Microsoft Windows XP client, for MAC authentication to work, disable the client in order to send an EAP request, so that switch can consider it as agentless host, and initiates the MAC authentication bypass process. This is the registry fix on Windows XP test machine:


  • Create an AAA client entry for the switch in ACS from the Network Configuration section. Use RADIUS as the authentication protocol.

  • On ACS, create an account for the client, based on its MAC address. For example, if the MAC address of the client is 00-15-C5-3A-E4-0D "

    Username : 0015c53ae40d
    Password : 0015c53ae40d

Note:  Ensure that ACS is does not hit Cisco bug ID CSCsh62641.

Refer to the Using IEEE 802.1x Authentication with MAC Authentication Bypass section of Configuring IEEE 802.1x Port-Based Authentication for more information.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:05 PM
Updated by:
Labels (1)