How to Configure Standalone MAC Authentication Bypass (MAB) l 802.1X

TIMESTAMPS:
0:00 Introduction
2:50 Summary steps
4:40 Verification commands
5:50 Conclusion

How to Configure Standalone MAC Authentication Bypass (MAB) and Single-Host Mode(default) l 802.1X

Standalone MAC Authentication Bypass (MAB) is an authentication method that grants network access to specific MAC addresses regardless of 802.1X capability or credentials.
As a result, devices such as cash registers, fax machines, and printers can be readily authenticated, and network features that are based on authorization policies can be made available.

Before standalone MAB support was available, MAB could be configured only as a failover method for 802.1x authentication.
Standalone MAB is independent of 802.1x authentication.

MAC Authentication Bypass(MAB) uses the MAC address of the connecting device to grant or deny network access. To support MAB, the RADIUS authentication server maintains a database of MAC addresses for devices that require access to the network. MAB generates a RADIUS request with a MAC address in the Calling-Station-Id (attribute 31) and with a Service-Type (attribute 6) 10. After a successful authentication, the Auth Manager enables various authorization features specified by the authorization policy, such as ACL assignment and VLAN assignment.

SUMMARY STEPS
conf t
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
radius server RADIUS_SERVER
address ipv4 10.10.10.2 auth-port 1812 acct-port 1813
key radiuspass
!
interface g0/0
switchport mode access
authentication port-control auto
mab
end
wr

VERIFICATION:
debug authentication
debug mab all
show authentication registrations
show authentication sessions interface GigabitEthernet 0/0
show mab all

🔔 Subscribe to my YouTube channel:

📃Playlist of all my videos on 802.1X:

References:

#cisco #ccna #ccnp #ccie