f = 1/T

MAC Authentication Bypass

MAB = MAC Authentication Bypass

This is the security method that authenticates everything you connect to your switchport. It can provide security for end devices that do not support 802.1X.

The switch examines a single packet to learn and authenticate the source MAC address.

If a switchport is configured to use MAB authentication, the port will not pass traffic when it comes up until the device is authenticated. After authentication succeeds, the endpoint's traffic is allowed.
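A simplified Python model of the port behaviour described above, added here as an illustration and not taken from the original post or from Cisco: the port learns the source MAC from an incoming frame, asks a lookup standing in for the RADIUS server, and forwards traffic only after that lookup succeeds. The `MabPort` class, the `KNOWN_MACS` set, the sample MAC addresses, and the choice to drop the frame used for learning are assumptions of the model.

```python
# Added example: a simplified model of a MAB-enabled port, not Cisco code.
# Assumptions: Ethernet II framing, one endpoint per port, and a set lookup
# standing in for the RADIUS server.

ETH_HEADER_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)


def source_mac(frame: bytes) -> str:
    """Return the frame's source MAC as 12 lowercase hex digits."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("frame is shorter than an Ethernet header")
    return frame[6:12].hex()


class MabPort:
    """Port that stays closed until the learned source MAC is accepted."""

    def __init__(self, is_known_mac):
        self.is_known_mac = is_known_mac  # callable: MAC string -> bool
        self.authorized_mac = None        # None means the port is unauthorized

    def receive(self, frame: bytes) -> bool:
        """Process one inbound frame; return True if it would be forwarded."""
        mac = source_mac(frame)
        if self.authorized_mac is None:
            # Unauthorized port: the frame is only used to learn the MAC and
            # trigger authentication; it is not forwarded (model assumption).
            if self.is_known_mac(mac):
                self.authorized_mac = mac
            return False
        # Authorized port: forward only the authenticated endpoint's traffic.
        return mac == self.authorized_mac

    def link_down(self) -> None:
        """Unplugging the device clears the session (model assumption)."""
        self.authorized_mac = None


def make_frame(src_mac_hex: str, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed broadcast IPv4 frame from the given source MAC."""
    return bytes.fromhex("ffffffffffff" + src_mac_hex + "0800") + payload


# Constructed sample data: one MAC the "RADIUS server" knows, one it does not.
KNOWN_MACS = {"001122334455"}
printer = make_frame("001122334455")
unknown = make_frame("0a0b0c0d0e0f")
```

The lookup sees only the address the frame claims, so the RADIUS policy for MAB endpoints should grant no more access than that evidence justifies.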

 

To configure a switch to enable the authentication process for MAB:

Switch-Home1(config)# dot1x system-auth-control
Switch-Home1(config)# aaa new-model
Switch-Home1(config)# ip device tracking

 

The following configures a switchport to do MAB for any device connecting to it:

Home1(config)# interface Gig0/1
Home1(config-if)# authentication port-control auto (This line enables authentication, MAB or dot1x)
Home1(config-if)# mab (This enables MAB on the port)
Home1(config-if)# authentication order mab (This command is important if both MAB and dot1x are configured but you need MAB to be used)

 

For MAB to work, you also need to configure an AAA authentication method, as well as a RADIUS server:

 

Home1(config)# aaa authentication dot1x default group radius
Home1(config)# radius-server host 10.10.30.1 key Cisco123 (replace 10.10.30.1 with your server IP address and Cisco123 with your shared secret)

 

For more information about MAB:

 

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html