The set protocols dot1x interface auth-mode mac-radius command enables the MAB authentication mode on a specified interface.
set protocols dot1x interface <interface-name> auth-mode mac-radius
Specifies the physical interface name. The value could be ge-1/1/1, xe-1/1/2, and so on.
When no NAC authentication mode and the CLI node set protocols dot1x interface <interface-name> are configured, the port is open to the user; but if the CLI node set protocols dot1x interface <interface-name> is configured, the port becomes blocked.
During the MAB authentication process, the user is not required to manually enter a username or password. The user's MAC address will be encapsulated as user name and password in the packet and sent to the RADIUS server. The port will be opened to the user with this MAC only if it passes the MAB authentication. This technology is suitable for environments where the MAC address is fixed and the security requirements are not very high. At the same time, it can meet the authentication requirements of terminals such as printers that cannot install the authentication client software.
When both 802.1X authentication and MAB authentication modes are enabled, the 802.1X authentication will take precedence over MAB. If the Supplicant supports 802.1x authentication, the system performs 802.1x authentication. Else if the Supplicant does not support 802.1x authentication, the system performs MAB authentication. For the former case, no matter whether 802.1x authentication is successful or not, the MAB authentication process will not be taken.
- Enable MAB authentication mode on interface ge-1/1/1.