MAB (MAC Authentication Bypass) provides port-based access control based on the endpoint's MAC address. It also improves network visibility, because the authentication process ties together the device's IP address, MAC address, switch, and port.
MAB can be implemented as a backup or supplementary mechanism to IEEE 802.1X. In the absence of IEEE 802.1X-enabled devices on the network, MAB can be implemented as a standalone authentication mechanism.
For the MAB authorization service to function correctly, the MAC addresses must be entered first.
This may be accomplished in a number of ways, as illustrated below.
To make later MAB configuration easier, group the added objects right away. The form for each entry method has an Object Groups field: a drop-down list from which you select the object groups you created earlier in Menu > Administration > Object Groups.
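An added example, not part of the original page or the product: a pre-import check that normalizes a MAC inventory into one notation and sets aside entries that make poor MAB identifiers (malformed, duplicate, multicast, or locally administered addresses such as those produced by MAC randomization). The `name,mac` input layout, the device names, and the function names are assumptions.

```python
import re

# Constructed sample export (hypothetical device names); formats vary by source.
SAMPLE_INVENTORY = """\
printer-01,00:1A:2B:3C:4D:5E
camera-07,001a.2b3c.4d5f
phone-12,DA-A1-19-00-00-01
printer-01-dup,00-1a-2b-3c-4d-5e
badge-rdr,01:00:5E:00:00:FB
broken,00:1A:2B:3C:4D
"""

def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated octets, or None if malformed."""
    digits = re.sub(r"[\s:.\-]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(mac):
    """Inspect the two low bits of the first octet (I/G and U/L bits)."""
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        return "multicast"             # group address, never a real endpoint
    if first_octet & 0x02:
        return "locally-administered"  # typical of randomized/private MACs
    return "ok"

def prepare_mab_list(text):
    """Split 'name,mac' lines into entries to import and entries to review."""
    accepted, review, seen = [], [], set()
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, raw = line.partition(",")
        mac = normalize_mac(raw)
        if mac is None:
            reason = "malformed"
        elif mac in seen:
            reason = "duplicate"
        else:
            reason = classify(mac)
        if reason == "ok":
            seen.add(mac)
            accepted.append((name.strip(), mac))
        else:
            review.append((name.strip(), raw.strip(), reason))
    return accepted, review
```

Calling `prepare_mab_list(SAMPLE_INVENTORY)` returns the entries that are safe to add to an object group and a second list with the reason each remaining entry needs a manual decision.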
Form fields | Value |
---|---|
Name | Type any name |
Authentication method to the network | MAC |
Action | Access to vlan |
Send VLAN tag back | Yes (checkbox) |
Vlan | Select from the list the VLAN to be assigned to the users of the organization |
Device group MAC addresses | Select from the list of object groups if MAC addresses or terminal devices have been previously grouped |
Undefined Endpoints means | Any Endpoints |
Network device | Select from the list the WiFi controllers and/or network devices on which the authorization service will be activated |
WiFi network | Optional: if you selected a WiFi controller above, select the SSID |
After the initial authorization, the system creates a validation template for future verification. If the components of the end device change or the device is replaced, the stored template should be deleted. To do this, go to the end device, press the preview button next to the validation template, and select the clear option.