Users Guide

Authentication, Authorization, and Accounting
4. On the interface, enable MAC-based authentication mode, enable MAB,
and set the order of authentication to 802.1X followed by MAC
authentication. Configure the switch to send CHAP attributes to the
RADIUS server. Set the format of the User-Name sent to the RADIUS
server to XXXX.XXXX.XXXX. Also enable periodic re-authentication.
console(config)#mab request format attribute 1 groupsize 4 separator . uppercase
console(config)#vlan 2
console(config-vlan2)#interface gi1/0/4
console(config-if-Gi1/0/4)#switchport mode general
console(config-if-Gi1/0/4)#switchport general pvid 2
console(config-if-Gi1/0/4)#dot1x port-control mac-based
console(config-if-Gi1/0/4)#mab
console(config-if-Gi1/0/4)#default mab chap
console(config-if-Gi1/0/4)#authentication order dot1x mab
console(config-if-Gi1/0/4)#dot1x reauthentication
console(config-if-Gi1/0/4)#exit
Configuration Example—MAB Client
This example shows how to configure a MAB client on interface Gi1/0/2 using
the IAS database for authentication.
1. Enter global configuration mode and create VLAN 3.
console#configure
console(config)#vlan 3
console(config-vlan3)#exit
2. Enable the authentication manager and globally enable 802.1x.
console(config)#authentication enable
console(config)#dot1x system-auth-control
3. Set IEEE 802.1x to use the local IAS user database.
console(config)#aaa authentication dot1x default ias
4. Configure the IAS database with the client MAC address as both the
user name and the password. The password MUST be entered in uppercase;
otherwise authentication fails with an MD5 Validation Failure because
the MD5 password hashes do not match.
console(config)#aaa ias-user username F8B1562BA1D9
console(config-ias-user)#password F8B1562BA1D9
console(config-ias-user)#exit
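
The MAC formatting that both examples depend on (the XXXX.XXXX.XXXX User-Name sent to RADIUS and the uppercase IAS user name and password), shown as an added Python example that is not part of the guide or the switch software. The function names, the inventory list, and the rule that the group size must divide 12 are assumptions of this helper; the no-separator uppercase default is taken from the IAS entry shown above.

```python
import re

def normalize_mac(raw):
    """Return 12 uppercase hex digits from any common MAC notation, or raise."""
    digits = re.sub(r"[-:.\s]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits.upper()

def mab_username(raw, groupsize=12, separator="", uppercase=True):
    """Format a MAC using the groupsize/separator/case parameters of the
    'mab request format attribute 1' command (hypothetical helper)."""
    if groupsize <= 0 or 12 % groupsize:
        raise ValueError("groupsize must divide 12")  # helper's own rule
    mac = normalize_mac(raw)
    groups = [mac[i:i + groupsize] for i in range(0, 12, groupsize)]
    name = separator.join(groups)
    return name if uppercase else name.lower()

def ias_commands(macs):
    """Build the 'aaa ias-user' lines of step 4 for each unique MAC.
    Returns (command lines, inputs rejected as malformed)."""
    seen, lines, rejected = set(), [], []
    for raw in macs:
        try:
            mac = normalize_mac(raw)
        except ValueError:
            rejected.append(raw)   # never emit a half-valid credential
            continue
        if mac in seen:            # same client written in another notation
            continue
        seen.add(mac)
        # User name and password are the same uppercase string, so the
        # MD5 hashes computed on both sides match.
        lines += [f"aaa ias-user username {mac}", f"password {mac}", "exit"]
    return lines, rejected

# Constructed inventory; only F8B1562BA1D9 comes from the page.
INVENTORY = ["f8:b1:56:2b:a1:d9", "F8-B1-56-2B-A1-D9",
             "0011.22aa.bbcc", "f8b1562ba1"]

if __name__ == "__main__":
    # What the RADIUS server must hold for 'groupsize 4 separator . uppercase'
    print(mab_username(INVENTORY[0], groupsize=4, separator="."))
    cmds, bad = ias_commands(INVENTORY)
    print("\n".join(cmds))
    print("rejected:", bad)
```
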