802.1X MAC Authentication Bypass (MAB)

First, configure the interface that is connected to the endpoint. Previously we configured the interface as below:

SW(config)#int gi1/0/2

SW(config-if)#switchport mode access
SW(config-if)#authentication host-mode multi-auth
SW(config-if)#authentication open
SW(config-if)#dot1x pae authenticator
SW(config-if)#dot1x timeout tx-period 10
SW(config-if)#authentication port-control auto
SW(config-if)#authentication periodic
SW(config-if)#authentication timer reauthenticate server

Now, add this configuration for the interface:

SW(config-if)#mab
SW(config-if)#authentication order mab dot1x
SW(config-if)#authentication priority dot1x mab

The result:

SW#sh authentication sessions int gi1/0/2

Interface  MAC Address     Method  Domain   Status  Fg  Session ID
----------------------------------------------------------------------
Gi1/0/2    b8ca.3a7e.0f5a  N/A     UNKNOWN  Unauth      C0A80AFC00000FB4034126C2

Key to Session Events Blocked Status Flags:

A - Applying Policy (multi-line status for details)
D - Awaiting Deletion
F - Final Removal in progress
I - Awaiting IIF ID allocation
N - Waiting for AAA to come up
P - Pushed Session
R - Removing User Profile (multi-line status for details)
U - Applying User Profile (multi-line status for details)
X - Unknown Blocker

Runnable methods list:
Handle Priority Name
16 5 dot1x
18 10 mab
21 15 webauth
--More--
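
An added example, not part of the original post: a small Python audit of interface stanzas for the 802.1X/MAB settings configured above. The sample config, the Gi1/0/3 port and the function names `parse_interfaces` and `audit` are constructed for illustration. It flags `authentication open` (the port forwards traffic regardless of the authentication result), an order that lists `mab` without the `mab` command, and a MAB-first order that does not give `dot1x` first priority.

```python
# Constructed sample: Gi1/0/2 holds the page's commands; Gi1/0/3 is a
# hypothetical port that lists MAB first but never enables or outranks it.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/2
 authentication open
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet1/0/3
 authentication order mab dot1x
 authentication port-control auto
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit(cmds):
    """Return findings for one port's 802.1X/MAB sub-commands."""
    def methods(keyword):  # "authentication order mab dot1x" -> ["mab", "dot1x"]
        prefix = f"authentication {keyword} "
        return next((c[len(prefix):].split() for c in cmds if c.startswith(prefix)), [])
    order, priority = methods("order"), methods("priority")
    findings = []
    if "authentication port-control auto" not in cmds:
        findings.append("port-control auto missing: authentication is not enforced")
    if "authentication open" in cmds:
        findings.append("authentication open: traffic is forwarded even without successful auth")
    if "mab" in order and "mab" not in cmds:
        findings.append("order lists mab but the mab command is absent")
    if order[:1] == ["mab"] and priority[:1] != ["dot1x"]:
        findings.append("mab is tried first and dot1x is not first in priority")
    return findings

if __name__ == "__main__":
    for name, cmds in parse_interfaces(SAMPLE_CONFIG).items():
        print(name, audit(cmds) or "no findings")
```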

 

And if you check on the ISE:
