Posts

Showing posts from August, 2014

MAC Authentication Bypass

One of the methods of controlling access to your network is the MAB (MAC Authentication Bypass) feature. It is helpful when you have devices without dot1x functionality. Today I will try to implement a basic configuration and analyze the log messages. There is only one switch, SW1, and one device attached to port Fa1/0/2.

!
aaa new-model
aaa authentication dot1x default group radius
!
!
int Fas1/0/2
 authentication host-mode single-host
 authentication port-control auto
 mab
!

I haven't configured ACS yet, but let's see what error message I receive:

SW1(config-if)#
mab-ev(Fa1/0/2): Received MAB context create from AuthMgr
mab-ev(Fa1/0/2): Created MAB client context 0x1100000F
mab : initial state mab_initialize has enter
mab-ev(Fa1/0/2): Sending create new context event to EAP from MAB for 0x1100000F (0000.0000.0000)
mab-sm(Fa1/0/2): Received event 'MAB_START' on handle 0x1100000F
mab : during state mab_initia

ACS, tacacs+ and management access to router

I would like to test TACACS+ authentication on routers.

R1#sh run aaa
!
aaa authentication login ACS group tacacs+
aaa authentication enable default group tacacs+
!
!
!
!
!
!
tacacs-server host 192.168.157.100 key cisco
aaa new-model
aaa session-id common
!
!
R1#
R1#sh run | b line vty 0 4
line vty 0 4
 login authentication ACS
!

On ACS I added R1 as a network device (ND) and 'user1' to the local database.

telnet 192.168.157.100
R1#
*Aug 27 15:37:05.071: TPLUS: Queuing AAA Authentication request 49 for processing
*Aug 27 15:37:05.075: TPLUS: processing authentication start request id 49
*Aug 27 15:37:05.079: TPLUS: Authentication start packet created for 49()
*Aug 27 15:37:05.079: TPLUS: Using server 192.168.157.100
*Aug 27 15:37:05.087: TPLUS(00000031)/0/NB_WAIT/685E7C1C: Started 5 sec timeout
*Aug 27 15:37:05.099: TPLUS(00000031)/0/NB_WAIT: socket even