Users Guide

338 Authentication, Authorization, and Accounting

30 - Called Station ID — MAC address of device (xx:xx:xx:xx:xx:xx format)

31 - Calling Station ID — Switch MAC address

61 - NAS-Port-Type (Ethernet 15)

80 - Message Authenticator

87- NAS-Port-Id (such as Gigabitethernet 1/0/15)

79-EAP-Message

The format of the Calling-Station-ID for MAB clients may be altered using

the attribute 31 command. The format of the User-Name attribute for MAB

clients may be altered using the attribute 1 command.

By default, MAB clients are authenticated to the authentication server using

EAP-MD5. MAB clients may optionally be configured to use CHAP or PAP to

authenticate the MAB device. For CHAP or PAP, the following attributes are

sent to the RADIUS server:

1 - User-Name — MAC address of MAB device

2 - User Password (PAP only)

3 - CHAP-Password - = Encrypted MAC address (CHAP) only or

unencrypted (PAP) User Name

4 - NAS-IP-Address — IP address of the switch

5 - NAS-Port — switch internal port number (ifIndex)

6 - Service Type is set to 10 for MAB (Call-Check)

12 - Framed-MTU - port/switch MTU - header length (e.g. 1500)

30 - Called Station ID — MAC address of device (in xx:xx:xx:xx:xx:xx format)

31 - Calling Station ID — Switch MAC address

60 - CHAP Challenge (CHAP only)

61 - NAS-Port-Type (Ethernet 15)

80 - Message Authenticator

87 - NAS-Port-ID

NOTE: MAB initiates only after the dot1x guest VLAN period times out. If the client

responds to any of the EAPOL identity requests, MAB does not initiate for that

client.