Chapter 44
Configuring 802.1X Port-Based Authentication
Command
Step 7
Switch(config)# end
Step 8
Switch# show mab interface
interface-id details
Step 9
Switch# copy running-config
startup-config
Note
Removing a 802.1X MAB configuration from a port does not impact the authorized or authenticated
state of the port. If the port is in an unauthenticated state, it remains in that state. If the port is in an
authenticated state because of MAB, the switch reverts to the 802.1X Authenticator. If the port was
already authorized with a MAC address and the MAB configuration was removed, the port remains in
an authorized state until reauthentication occurs. At that time, if an 802.1X supplicant is detected on the
wire, the MAC address is removed.
This example shows how to enable MAB on Gigabit Ethernet interface 3/3 and to verify the
configuration:
Cisco IOS Release 12.2(50)SG and later
Switch# configure terminal
Switch(config)# interface gigabitethernet3/3
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication port-control auto
Switch(config-if)# mab
Switch(config-if)# end
Switch# show mab int g3/3 details
MAB details for GigabitEthernet3/3
-------------------------------------
Mac-Auth-Bypass
MAB Client List
---------------
Client MAC
Session ID
MAB SM state
Auth Status
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# interface gigabitethernet3/3
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x mac-auth-bypass
Switch(config-if)# end
Switch# show dot1x int g3/3 details
Dot1x Info for GigabitEthernet3/3
-----------------------------------
PAE
PortControl
ControlDirection
HostMode
ReAuthentication
OL-25340-01
Purpose
Returns to privileged EXEC mode.
(Optional) Verifies your entries.
(Optional) Saves your entries in the configuration file.
= Enabled
= 0001.0001.0001
= C0A8016F0000002304175914
= TERMINATE
= AUTHORIZED
= AUTHENTICATOR
= AUTO
= Both
= SINGLE_HOST
= Disabled
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
Configuring 802.1X Port-Based Authentication
44-59