Reading Time: < 1 minutes

MAC Authenication Bypass

Simply put this is where we use the MAC address to determine what type of network access to grant. This is typically used for hardware devices that can not support certificates. Example: Printer; VOIP Phone; NTP; BMS (Building Managment System); Temperature/Humidity; Security Cameras; Security Controllers

A sample switch config might look something like.

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
spanning-tree portfast
spanning-tree bpduguard enable
radius-server host key cisco123
This entry was posted in Cisco, ISE, Networking, Security. Bookmark the permalink.