Manualshelf

Quick Reference Guide

ManualsBrandsDell ManualsserversDell Networking N4000 Series
841842843844845846847848849850
802.1x Commands 847
User Guidelines
Local processing of IEEE 802.1x frames must be disabled (no dot1x system-
auth-control) for this capability to be enabled. This capability is useful in
situations where the authenticator device is placed one or more hops away
from the authenticating host. The intervening switch will flood all received
IEEE 802.1x frames in the VLAN.
Flooding of IEEE 802.1x frames makes end stations vulnerable to a denial of
service attack should another end station record and play back certain flooded
EAPOL frames at a high rate.
dot1x mac-auth-bypass
Use the dot1x mac-auth-bypass command to enable MAB on an interface.
Use the no form of this command to disable MAB on an interface.
Syntax
dot1x mac-auth-bypass
no dot1x mac-auth-bypass
Default Configuration
MAC Authentication Bypass is disabled by default.
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
Authentication of a user via mac-auth-bypass will not occur until the "dot1x
time-out guest-vlan-period" timer expires.
Example
The following example sets MAC Authentication Bypass on interface
gigabitethernet 1/0/2:
console(config-if-Gi1/0/2)#dot1x mac-auth-bypass
2CSNXXX_SWUM200.book Page 847 Tuesday, December 10, 2013 1:22 PM