Filter
Top Products
DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-41
DES-7200# configure terminal
DES-7200(config)# interface fa 0/1
DES-7200(config-if)# dot1x port-control auto
DES-7200(config-if)# dot1x mac-auth-bypass
Caution
Use the format XXXXXXXXXXXX when setting the username and
keyword for the MAC address on the server.
With the port in the MAB mode, only one MAC address that firstly
found by the device can be used for the authentication.
One port for one MAC address authentication is supported in both
the port mode and the MAC mode.
Anytime when the client responses the 802.1x authentication, the
MAB on the port takes no effect unless the link state down/up
change occurs or the 802.1x function on the port is re-enabled.
The client online probe function takes no effect for the MAC
authentication in the MAB mode.
With MAB port configured, an authentication request packet is sent
at the interval of tx-period. After sending the packets for reauth-max
times, if there is no client response, the port enters to the MAB
mode. The port in the MAB mode can learn the MAC address and
use the learned MAC address as the username for the
authentication.
MAB supports the PAP, CHAP, EAP-MD5 authentication methods.
For how to configure the authentication method, see the chapter in
Authentication Method Configuration.
In the MAB mode, after the MAC address authentication failure, if
the guest vlan has been configured, the authentication port will
enter the guest vlan; if the guest vlan has not been configured, the
port stays in the original vlan. The MAB does not support auth-fail
VLAN, that is, even though the MAB authentication fails and the
auth-fail VLAN has been configured, the port will not enter the
auth-fail VLAN.
If one MAC address has passed the MAB authentication for one
port and it appears on other ports, the MAB violation will be set for
the latter port.
MAB cannot be co-used with the security channel.
The MAB authentication is invalid for the static address and the
filtering address.
The MAB authentication offers the access-auth service for the
device without the auth-client software. Those devices generally
cannot recognize the 802.1Q TAG labels. To this end, it is
recommended that the MAB-auth functon shall be set on the
ACCESS port. Otherwise, even though it passes the authentication,
the communication between the devices fails.