MJ, You're correct,
mab is a cisco invented hybrid of mac authentication and 802.1x, so 802.1x is a prerequisite for mab. - http://en.wikipedia.org/wiki/IEEE_802.1X#MAB_.28MAC_Authentication_Bypass.29 - http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html#wp9000124 mab uses username: <mac addr> password: <encrypted mac addr>, and so it is easily spoofable ( not secure at all ). mac authentication is slightly different than 802.1x. Instead of both username & password, only the calling-station-id is sent (client's mac address) as the auth parameter. - https://technet.microsoft.com/en-us/library/dd197535%28v=ws.10%29.aspx -earl On Fri, Jun 5, 2015 at 3:52 AM, mourik jan heupink <[email protected]> wrote: > Hi Earl, list, > > Thanks for the links. I had read those already, but they seem to talk > about EITHER mac or 802.1x on a port? > > I am under the impression that mab means: BOTH mac and 802.1x > authentication at the same time on the same port... > > Additionally, I found this doc: > > http://www.breekeenbeen.nl/2010/06/23/mac-authentication-bypass-mab-on-hp-procurve-2600/ > > In that post above, in the example, I don't see how 802.1x is activated... > > It seems to be only mac based config: > "aaa port-access mac-based 1-48" > > Difficult stuff. > > MJ > > On 06/04/2015 02:16 PM, Earl Robinson wrote: > > I used the PF ZEN guide to out-of-band enforcement to get a Cisco switch > > configured for MAB (mac authentication bypass) > > > http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.1.0.pdf > > > > I did a couple quick searches and came up with these HP docs which seem > > to detail the same configuration on ProCurve switches : > > > > How to configure 802.1X authentication on ProCurve switches > > http://h10032.www1.hp.com/ctg/Manual/c02642107.pdf > > > > How to configure MAC authentication on a ProCurve switch > > http://h10032.www1.hp.com/ctg/Manual/c02628207 > > > > Hopefully those will help > > > > > > On Wed, Jun 3, 2015 at 12:48 PM, Louis Munro <[email protected] > > <mailto:[email protected]>> wrote: > > > > On Jun 3, 2015, at 12:44 , heupink <[email protected] > > <mailto:[email protected]>> wrote: > > > >> I'll look into that. An initial google search for 'mab procurve > 5400' > >> returns surprisingly few results. Usually no good sign… > > > > MAB may be a Cisco specific keyword. > > > > I haven’t played with HP switches in a while now but I would be > > surprised if they did not have some kind of similar functionality. > > > > > > Regards, > > -- > > Louis Munro > > [email protected] <mailto:[email protected]> :: www.inverse.ca > > <http://www.inverse.ca> > > +1.514.447.4918 x125 <tel:%2B1.514.447.4918%20x125> :: +1 (866) > > 353-6153 x125 <tel:%2B1%20%28866%29%20353-6153%20x125> > > Inverse inc. :: Leaders behind SOGo (www.sogo.nu > > <http://www.sogo.nu>) and PacketFence (www.packetfence.org > > <http://www.packetfence.org>) > > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > > <mailto:[email protected]> > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > > > > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > >
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
