This document describes how to implement UCS C-Series with MAB/802.1x authentication on Cisco switches.
One of the access control techniques that Cisco provides is MAC Authentication Bypass (MAB). MAB uses the MAC address of a device in order to determine what kind of network access to provide.
In a network that includes both devices that support and devices that do not support IEEE 802.1X, MAB can be deployed as a fallback, or complementary, mechanism to IEEE 802.1X. If the network does not have any IEEE 802.1X-capable devices, MAB can be deployed as a standalone authentication mechanism.
May 11 16:33:14.311 JST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down May 11 16:33:15.312 JST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down May 11 16:33:17.891 JST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up May 11 16:33:18.891 JST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
Sending 5, 100-byte ICMP Echos to 10.141.49.205, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) 3750#do sh access-sess int g1/0/1 details No sessions match supplied criteria.
Debug (debug MAB all command) shows the MAC entry of UCS not learned on the switch, which is required to authenticate with the backend.
3750 (config)# interface GigabitEthernet1/0/37 3750(config-if)#access-session control-direction in
Enter the access-session control-direction in command (previously the authentication control-direction in command) in order to enable the switch to send traffic in egress to the host, but not the other way around. The command is usually used on clients such as printers/devices which do not continually send traffic as a way to initiate communication (also used for Wake on Lan). Essentially a packet is sent from the switch and the client responds. The response will contain the MAC address which is then used for MAB. In the already established setup, the MAC address from the client was not being received.