Administrator Guide
Authentication, Authorization, and Accounting 239
console(config)#interface te1/0/4
console(config-if-Te1/0/4)#dot1x port-control mac-based
console(config-if-Te1/0/4)#dot1x mac-auth-bypass
console(config-if-Te1/0/4)#authentication order dot1x mab
console(config-if-Te1/0/4)#dot1x reauthentication
console(config-if-Te1/0/4)#exit
Configuration Example—MAB Client
This example shows how to configure a MAB client on interface Gi1/0/2 using
the IAS database for authentication.
1
Enter global configuration mode and create VLAN 3.
console#configure
console(config)#configure
console(config)#vlan 3
console(config-vlan3)#exit
2
Enable the authentication manager and globally enable 802.1x.
console(config)#authentication enable
console(config)#dot1x system-auth-control
3
Set IEEE 802.1x to use the local IAS user database.
console(config)#aaa authentication dot1x default ias
4
Configure the IAS database with the client MAC address as the user name
and password. The password MUST be entered in upper case or the
authentication will fail with an MD5 Validation Failure, as the MD5
password hashes would not match.
console(config)#aaa ias-user username F8B1562BA1D9
console(config-ias-user)#password F8B1562BA1D9
console(config-ias-user)#exit
5
Configure interface gi1/0/2 to use VLAN 3 in access mode.
console(config)#interface Gi1/0/2
console(config-ifGi1/0/2)#switchport access vlan 3
6
On the interface, configure the port to use MAC based authentication and
enable MAB. The authentication manager is configured to only use MAB
and the priority is set to MAB.
console(config-ifGi1/0/2)#dot1x port-control mac-based
console(config-ifGi1/0/2)#dot1x mac-auth-bypass
console(config-ifGi1/0/2)#authentication order mab
console(config-ifGi1/0/2)#authentication priority mab
console(config-ifGi1/0/2)#exit