Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Ratgeber Für Administratoren
MAB
414
Managed Switches
Configure MAC Authentication Bypass on a Switch
This section provides an example of how to configure MAC Authentication Bypass (MAB) on
a switch.
a switch.
The example is shown as CLI commands and as a web interface procedure.
CLI: Configure the Switch to Perform MAB with a Microsoft Network
Policy Server
1.
Enable 802.1X authentication on the switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#dot1x system-auth-control
2.
Configure RADIUS to authenticate 802.1X users.
(Netgear Switch) (Config)#aaa authentication dot1x default radius
3.
Configure the switch to communicate with the Microsoft network policy server.
In this example, the Microsoft network policy server IP address is 10.1.10.46. The shared
key on the switch and the RADIUS server must match.
key on the switch and the RADIUS server must match.
(Netgear Switch) (Config)#radius server host auth 10.1.10.46
(Netgear Switch) (Config)#radius server key auth 10.1.10.46
Enter secret (64 characters max):******
Re-enter secret:******
(Netgear Switch) (Config)#radius server primary 10.1.10.46
4.
Configure force-authorization on the port that connects to the Microsoft network policy server
(port 1/0/1 in this example).
(port 1/0/1 in this example).
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#dot1x port-control force-authorized
(Netgear Switch) (Interface 1/0/1)#exit
5.
Configure MAB on the port that connects to the IP phone (port 1/0/10 in this example).
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/10
(Netgear Switch) (Interface 1/0/10)#dot1x port-control mac-based
(Netgear Switch) (Interface 1/0/10)#dot1x mac-auth-bypass
(Netgear Switch) (Interface 1/0/10)#exit
(Netgear Switch) (config)#exit