


Dot1x Mac Bypass


shetoshandasa
Contributor (11)
May 20, 2015 3:56am

Dears,

We are implementing dot1x in our network using Microsoft NAP on both wired and wireless networks. All things are good except the connection of Avaya phones.

We don't want to create hundreds of usernames for each Avaya MAC in the AD, so we decided to make MAC bypass for them.

The problem also: we don't need to configure a static entry for each MAC on all switches using the below command

set protocols dot1x authenticator static <MAC>

We need to use something like a regular expression, as all of our phones' MAC addresses start with the same OUI, so we want to put just one command to bypass all devices that start with the same OUI. Any help?




MarcTB
Contributor (11)
May 20, 2015 4:26am

Hi,

What I know is that you can assign VLAN based on a MAC address or a MAC address OUI (first 3 octets), or mask.

I'm not 100% sure that's true (never had the chance to test it).

Normally you would do something like this:

set protocols dot1x authenticator static [00:04:0f:fd:ac:fe 00:04:ae:cd:23:5f]

You can try it by doing something like this

set protocols dot1x authenticator static 00:04:0f

Some more documentation here:

https://www.juniper.net/techpubs/en_US/junos12.2/topics/example/authentication-static-mac-bypass-ex-series.html

    shetoshandasa
    Contributor (11)
    May 20, 2015 4:45am

    Thanks for your reply. I have tried this command before, but it gives an error, unfortunately.

cbrauckmiller
Contributor (1)
Aug 2, 2015 9:14am
Do you have a Pulse Policy Secure/IC/MAG device?

If so, you can create a local MAC auth server and use a wildcard to specify the AVAYA's first 3 bytes of the MAC address.

Thanks

Craig