To separate the setting for 802.1x and MAC Authentication Bypass

Created: 13 Oct 2009 | 1 comment

Symantec Employee

1 Agree

0 Disagree

+1 1 Vote

To connect the device like printer with MAB, we should set "Unavailable" as "Host authentiation", "Pass" as "User authentication" and "Ignore Result" as "Policy Check result" to open the port.
This means no client machine can connect the port.
So our customer requests to enhancement to create the separate area to set 802.1x and MAB.

idea Filed Under:

Security, Network Access Control, Configuring

Login or register to post comments
Comments RSS Feed

Comments

Oct

2009

0 Votes 0

josh_symc

Symantec Employee

Accredited

Certified

This was implemented in the recent 11.0 RU5 release.

Unfortunately the release notes documenation was not updated for a handful of SNAC updates. On the LAN Enforcer CLI there are some new commands below.

As well, please note this event is logged differently as below....

Am working on getting docs and hopefully a KB for this :).

mab-override [ enable | disable ]

Disable/enable the MAB action table.

mab-accept action [ open-port | close-port | vlan VLAN_ID ]

Set accept action

mab-reject action [ open-port | close-port | vlan VLAN_ID ]

Set reject action

show mab-override

Show mab-override action table configuration

	Assign VLAN	Open/Close port
Previous	"Assign VLAN <name> to port because Host Integrity check is <result>, profile check is <result> and EAP auth is <result>."	"CLOSE_PORT because Host Integrity check is <result>, profile check is <result> and EAP auth is <result>."
Change to	"Assign VLAN <name> to port because MAB result is <result>."	"CLOSE_PORT because MAB result is <result>."

To separate the setting for 802.1x and MAC Authentication Bypass

Comments

This was implemented in the recent 11.0 RU5 release.

Would you like to reply?

Links

Technical Support

Symantec.com

Store

Community Stats