A MAC Authentication Bypass (MAB) operation involves authentication using RADIUS Access-Request packets with both the username
and password attributes. By default, the username and the password values are the same and contain the MAC address. The Configurable
MAB Username and Password feature enables you to configure both the username and the password attributes in the following
scenarios:
-
To enable MAB for an existing large database that uses formatted username attributes, the username format in the client MAC
needs to be configured. Use the mab request format attribute 1 command to configure the username format.
-
Some databases do not accept authentication if the username and password values are the same. In such instances, the password
needs to be configured to ensure that the password is different from the username. Use the mab request format attribute 2 command to configure the password.
The Configurable MAB
Username and Password feature allows interoperability between the Cisco IOS
Authentication Manager and the existing MAC databases and RADIUS servers. The
password is a global password and hence is the same for all MAB authentications
and interfaces. This password is also synchronized across all supervisor
devices to achieve high availability.
If the password is not
provided or configured, the password uses the same value as the username. The
table below describes the formatting of the username and the password:
MAC Address |
Username Format (Group Size, Separator) |
Username |
Password Configured |
Password Created |
08002b8619de |
(1, :)
(1, -)
(1, .)
|
0:8:0:0:2:b:8:6:1:9:d:e
0-8-0-0-2-b-8-6-1-9-d-e
0.8.0.0.2.b.8.6.1.9.d.e
|
None |
0:8:0:0:2:b:8:6:1:9:d:e
0-8-0-0-2-b-8-6-1-9-d-e
0.8.0.0.2.b.8.6.1.9.d.e
|
08002b8619de |
(1, :)
(1, -)
(1, .)
|
0:8:0:0:2:b:8:6:1:9:d:e
0-8-0-0-2-b-8-6-1-9-d-e
0.8.0.0.2.b.8.6.1.9.d.e
|
Password |
Password |
08002b8619de |
(2, :)
(2, -)
(2, .)
|
08:00:2b:86:19:de
08-00-2b-86-19-de
08.00.2b.86.19.de
|
None |
08:00:2b:86:19:de
08-00-2b-86-19-de
08.00.2b.86.19.de
|
08002b8619de |
(2, :)
(2, -)
(2, .)
|
08:00:2b:86:19:de
08-00-2b-86-19-de
08.00.2b.86.19.de
|
Password |
Password |
08002b8619de |
(4, :)
(4, -)
(4, .)
|
0800:2b86:19de
0800-2b86-19de
0800.2b86.19de
|
None |
0800:2b86:19de
0800-2b86-19de
0800.2b86.19de
|
08002b8619de |
(4, :)
(4, -)
(4, .)
|
0800:2b86:19de
0800-2b86-19de
0800.2b86.19de
|
Password |
Password |
08002b8619de |
(12, <not applicable>) |
08002b8619de |
None |
08002b8619de |
08002b8619de |
(12, <not applicable>) |
08002b8619de |
Password |
Password |