Hi! I've recently started working on a new stack of Dell N3048Ps for my company. They want to implement dot1x on the switches, but for printers and other dot1x-unaware devices, I was looking into MAB.
The switches are already set to authenticate on a RADIUS server in WS2k12, which is then linked to an AD domain. When I use MAB on an interface, I have two problems:
Firstly, if the device is shown as authorized, it still gets tossed into the unauthorized VLAN.
Second, with MAB enabled, any device that connects to those ports is shown as authorized, regardless of whether there are matching credentials in AD or not. This is an example config of one of the MAB switch ports:
interface Gi3/0/48
switchport mode general
switchport general allowed vlan add 20
dot1x port-control mac-based
dot1x reauthentication
dot1x unauth-vlan 20
dot1x mac-auth-bypass
authentication order mab dot1x
authentication priority mab dot1x
VLAN 20 is the guest network while VLAN 1 is the trusted network.
Any suggestions? Thanks!