On routed interfaces customers can check MAC addresses against a RADIUS server to bypass 802.1x for LAN devices that do not support 802.1x authentication. MAB simplifies IT operations, saves time, and enhances scalability by no longer requiring customers to manually configure every MAC address that may need authentication.

Prerequisites

  • A RADIUS server must be configured and added to the Edge. See Configure Authentication Services.
  • The RADIUS server must have a list of MAC addresses to be bypassed to take advantage of the MAB feature.
  • RADIUS authentication must be configured on an Edge's routed interface either at the Profile or Edge level.
Important: RADIUS-based MAB is not supported for VLANs and thus cannot be used for switched ports. RADIUS-based MAB is supported for routed interfaces only.

Activating MAB

  1. In the Customer portal, click either Configure > Profile or > Configure > Edges depending on your preferences.
  2. Click the Device icon next to an Edge, or click the link to the Edge, and then click the Device tab.
  3. Scroll down to the Connectivity section and open up the Interfaces section for the Edge.

  4. The Interfaces section displays the existing interfaces available in the Edge.

  5. Click the Interface to edit the Routed interface that is configured for RADIUS authentication.
  6. On the interfaces Edit screen confirm that RADIUS Authentication is configured and then click the box for Enable RADIUS based MAB (MAC Address Authentication Bypsss).
  7. Click Save and return to the Device Settings page.

  8. Finally, click on Save Changes in the bottom right corner to apply your configuration.