Thursday, November 30, 2017

Dell MAB Authenticating regardless of valid credentials?

Hi! I've recently started working on a new stack of Dell N3048Ps for my company. They want to implement dot1x on the switches, but to accommodate printers and other dot1x-unaware devices, I was looking into MAB.

The switches are already set to authenticate on a RADIUS server in WS2k12, which is then linked to an AD domain. When I use MAB on an interface, I have two problems:

Firstly, if the device is shown as authorized, it still gets tossed into the unauthorized VLAN.

Second, with MAB enabled, any device that connects to those ports is shown as authorized, regardless of whether there are matching credentials in AD or not. This is an example config of one of the MAB switch ports:

    interface Gi3/0/48
     switchport mode general
     switchport general allowed vlan add 20
     dot1x port-control mac-based
     dot1x reauthentication
     dot1x unauth-vlan 20
     dot1x mac-auth-bypass
     authentication order mab dot1x
     authentication priority mab dot1x

VLAN 20 is the guest network while VLAN 1 is the trusted network.

Any suggestions? Thanks!


