Authentication Authorization and Accounting Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) – MAC Authentication Bypass [Cisco IOS XE 3SE] – Cisco

Authentication Authorization and Accounting Configuration Guide, Cisco IOS Release 12.4 – Configuring MAC Authentication Bypass [Support]

This feature grants network access to devices based on MAC address regardless of 802.1x capability or credentials.

The following commands were introduced or modified: authentication periodic, authentication port-control, authentication timer inactivity, authentication timer reauthenticate, authentication timer restart, authentication violation, debug authentication, mab, show authentication interface, show mab, show authentication registrations, show authentication sessions.

Configuration examples for configuring MAC Authentication Bypass

This section contains the following example:

Example: Standalone MAB Configuration

Contents

Prerequisites for Configuring MAC Authentication Bypass
Information About Configuring MAC Authentication Bypass
How to Configure Configuring MAC Authentication Bypass
Configuration Examples for Configuring MAC Authentication Bypass
Additional References
Feature Information for Configuring MAC Authentication Bypass

Enabling reauthentication on a port

By default, ports are not automatically reauthenticated. You can enable automatic reauthentication and specify how often reauthentication attempts are made.

Example: Standalone MAB configuration

The following example shows how to configure standalone MAB on a port. In this example, the client is reauthenticated every 1200 seconds and the connection is dropped after 600 seconds of inactivity.

enable
 configure terminal
  interface GigabitEthernet2/1
   switchport
   switchport mode access
   switchport access vlan 2
   authentication port-control auto
   mab
   authentication violation shutdown 
   authentication timer restart 30 
   authentication periodic 
   authentication timer reauthenticate 1200 
   authentication timer inactivity 600 
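An added example, not from the Cisco guide: a short Python audit that reads a running-config excerpt and reports, for each port with `mab` enabled, whether periodic reauthentication is on, which timers are set, and the violation mode. The sample config is constructed, the function names are hypothetical, and it assumes running-config indentation (sub-commands start with a space).

```python
import re

# Constructed running-config excerpt. The first port carries the settings of
# the page's example; the second is a made-up port left at the defaults.
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 authentication port-control auto
 mab
 authentication violation shutdown
 authentication timer restart 30
 authentication periodic
 authentication timer reauthenticate 1200
 authentication timer inactivity 600
interface GigabitEthernet2/2
 authentication port-control auto
 mab
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # left the interface stanza
    return stanzas

def audit_mab(config):
    """Report reauthentication and violation settings for each MAB port."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "mab" not in lines and "mab eap" not in lines:
            continue  # MAB is not enabled on this port
        body = "\n".join(lines)
        timers = {k: int(v) for k, v in
                  re.findall(r"^authentication timer (\w+) (\d+)$", body, re.M)}
        mode = re.search(r"^authentication violation (\w+)$", body, re.M)
        report[name] = {
            # Page: ports are not reauthenticated unless this is configured.
            "periodic_reauth": "authentication periodic" in lines,
            "reauth_seconds": timers.get("reauthenticate"),
            "inactivity_seconds": timers.get("inactivity"),
            # Page: the port is shut down by default on a violation.
            "violation": mode.group(1) if mode else "shutdown",
        }
    return report
```

Ports that report `periodic_reauth: False` keep an authorized MAC address authorized until the session ends, so they are the ones to review first.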

Feature information for configuring MAC Authentication Bypass

Table 1 lists the features in this module and provides links to specific configuration information.

Finding feature information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the “Feature Information for Configuring MAC Authentication Bypass” section.

How to configure configuring MAC Authentication Bypass

This section contains the following tasks:

Enabling MAC Authentication Bypass
Enabling Standalone MAB
Enabling Reauthentication on a Port
Specifying the Security Violation Mode

Information about configuring MAC Authentication Bypass

Overview of the Cisco IOS Auth Manager
Standalone MAB

Overview of the Cisco IOS Auth Manager

The capabilities of devices connecting to a given network can be different, thus requiring that the network support different authentication methods and authorization policies. The Cisco IOS Auth Manager handles network authentication requests and enforces authorization policies regardless of authentication method.

The possible states for Auth Manager sessions are as follows:


Prerequisites

Before you can configure standalone MAB, the switch must be connected to a Cisco Secure ACS server and RADIUS authentication, authorization, and accounting (AAA) must be configured.

Prerequisites for configuring MAC Authentication Bypass

IEEE 802.1x—Port-Based Network Access Control

Restrictions

Standalone MAB can be configured on switched ports only—it cannot be configured on routed ports.

Security Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 2960-L Switches) – MAC Authentication Bypass [Support]

A MAC Authentication Bypass (MAB) operation involves authentication using RADIUS Access-Request packets with both the username
and password attributes. By default, the username and the password values are the same and contain the MAC address. The Configurable
MAB Username and Password feature enables you to configure both the username and the password attributes in the following
scenarios:

The Configurable MAB Username and Password feature allows interoperability between the Cisco IOS Authentication Manager and
the existing MAC databases and RADIUS servers. The password is a global password and hence is the same for all MAB authentications
and interfaces. This password is also synchronized across all supervisor devices to achieve high availability.

If the password is not provided or configured, the password uses the same value as the username. The table below describes
the formatting of the username and the password:

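| MAC Address | Username Format (Group Size, Separator) | Username | Password Configured | Password Created |
|---|---|---|---|---|
| 08002b8619de | (1, :) | 0:8:0:0:2:b:8:6:1:9:d:e | None | 0:8:0:0:2:b:8:6:1:9:d:e |
| 08002b8619de | (1, -) | 0-8-0-0-2-b-8-6-1-9-d-e | None | 0-8-0-0-2-b-8-6-1-9-d-e |
| 08002b8619de | (1, .) | 0.8.0.0.2.b.8.6.1.9.d.e | None | 0.8.0.0.2.b.8.6.1.9.d.e |
| 08002b8619de | (1, :) | 0:8:0:0:2:b:8:6:1:9:d:e | Password | Password |
| 08002b8619de | (1, -) | 0-8-0-0-2-b-8-6-1-9-d-e | Password | Password |
| 08002b8619de | (1, .) | 0.8.0.0.2.b.8.6.1.9.d.e | Password | Password |
| 08002b8619de | (2, :) | 08:00:2b:86:19:de | None | 08:00:2b:86:19:de |
| 08002b8619de | (2, -) | 08-00-2b-86-19-de | None | 08-00-2b-86-19-de |
| 08002b8619de | (2, .) | 08.00.2b.86.19.de | None | 08.00.2b.86.19.de |
| 08002b8619de | (2, :) | 08:00:2b:86:19:de | Password | Password |
| 08002b8619de | (2, -) | 08-00-2b-86-19-de | Password | Password |
| 08002b8619de | (2, .) | 08.00.2b.86.19.de | Password | Password |
| 08002b8619de | (4, :) | 0800:2b86:19de | None | 0800:2b86:19de |
| 08002b8619de | (4, -) | 0800-2b86-19de | None | 0800-2b86-19de |
| 08002b8619de | (4, .) | 0800.2b86.19de | None | 0800.2b86.19de |
| 08002b8619de | (4, :) | 0800:2b86:19de | Password | Password |
| 08002b8619de | (4, -) | 0800-2b86-19de | Password | Password |
| 08002b8619de | (4, .) | 0800.2b86.19de | Password | Password |
| 08002b8619de | (12, <not applicable>) | 08002b8619de | None | 08002b8619de |
| 08002b8619de | (12, <not applicable>) | 08002b8619de | Password | Password |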
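The formatting rules in the table above, as an added Python example that is not part of the Cisco guide: it derives the username and password for a given group size and separator, and uses that to find MAC addresses whose formatted username is missing from a RADIUS user store. Function names and the sample store are hypothetical and constructed; lowercase output is an assumption taken from the table's values.

```python
import re

GROUP_SIZES = (1, 2, 4, 12)      # group sizes shown in the table
SEPARATORS = (":", "-", ".")     # separators shown in the table

def mab_credentials(mac, group_size=12, separator=None, password=None):
    """Return the (username, password) pair the table gives for one MAC."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if group_size not in GROUP_SIZES:
        raise ValueError(f"unsupported group size: {group_size}")
    if group_size == 12:
        username = digits        # a single group, so no separator applies
    elif separator in SEPARATORS:
        username = separator.join(
            digits[i:i + group_size] for i in range(0, 12, group_size))
    else:
        raise ValueError(f"unsupported separator: {separator!r}")
    # No configured password: the password repeats the username.
    return username, (password if password is not None else username)

def unmatched_entries(stored_usernames, macs, group_size, separator=None):
    """List MACs whose formatted username is absent from the user store."""
    stored = set(stored_usernames)
    return [m for m in macs
            if mab_credentials(m, group_size, separator)[0] not in stored]

# Constructed sample data: usernames held by a RADIUS server and the MAC
# addresses of devices expected to authenticate through MAB.
STORED_USERNAMES = ["08-00-2b-86-19-de", "0800.2b86.19df"]
DEVICE_MACS = ["08:00:2B:86:19:DE", "0800.2b86.19df"]
```

With the constructed data, `unmatched_entries(STORED_USERNAMES, DEVICE_MACS, 2, "-")` returns the second device, because its stored username uses the (4, .) format rather than the (2, -) format being checked.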

Specifying the security violation mode

When there is a security violation on a port, the port can be shut down or traffic can be restricted. By default, the port is shut down. You can configure the period of time for which the port is shut down.

Summary steps

1. enable
2. configure terminal
3. interface type slot/port
4. switchport
5. switchport mode access
6. authentication port-control auto
7. mab [eap]
8. authentication violation {restrict | shutdown}
9. authentication timer restart seconds
10. end
