Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Configure MAB reauthentication globally or locally

    Configure MAB reauthentication globally or locally

    You can enable the MAC Authentication Bypass (MAB) option for devices (such as network printers) that cannot respond to the 802.1x authentication request. With MAB enabled on the port, the system will use the device MAC address as the user name and password for authentication. If a link goes down, you can select whether the impacted devices must reauthenticate. By default, reauthentication is disabled. You can use the FortiOS CLI to enable MAB reauthentication globally or locally:

    • On the global level, use the new set mab-reauth command to enable or disable MAB reauthentication.

    • On the local level, you can override the 802.1x settings for a specific managed switch and then use the new set mab-reauth command to enable or disable MAB reauthentication.

    To control MAB reauthentication on the global level:

    config switch-controller 802-1X-settings

    set mab-reauth {enable | disable}

    end

    To enable MAB reauthentication on the global level:

    config switch-controller 802-1X-settings

    set mab-reauth enable

    end

    To control MAB reauthentication on the local level:

    config switch-controller managed-switch

    edit <FortiSwitch_serial_number>

    config 802-1X-settings

    set local-override enable

    set mab-reauth {enable | disable}

    next

    end

    end

    To enable MAB reauthentication on the local level:

    config switch-controller managed-switch

    edit S548DF5018000776

    config 802-1X-settings

    set local-override enable

    set mab-reauth enable

    next

    end

    end

    Previous
    Next

    Configure MAB reauthentication globally or locally

    Configure MAB reauthentication globally or locally

    You can enable the MAC Authentication Bypass (MAB) option for devices (such as network printers) that cannot respond to the 802.1x authentication request. With MAB enabled on the port, the system will use the device MAC address as the user name and password for authentication. If a link goes down, you can select whether the impacted devices must reauthenticate. By default, reauthentication is disabled. You can use the FortiOS CLI to enable MAB reauthentication globally or locally:

    • On the global level, use the new set mab-reauth command to enable or disable MAB reauthentication.

    • On the local level, you can override the 802.1x settings for a specific managed switch and then use the new set mab-reauth command to enable or disable MAB reauthentication.

    To control MAB reauthentication on the global level:

    config switch-controller 802-1X-settings

    set mab-reauth {enable | disable}

    end

    To enable MAB reauthentication on the global level:

    config switch-controller 802-1X-settings

    set mab-reauth enable

    end

    To control MAB reauthentication on the local level:

    config switch-controller managed-switch

    edit <FortiSwitch_serial_number>

    config 802-1X-settings

    set local-override enable

    set mab-reauth {enable | disable}

    next

    end

    end

    To enable MAB reauthentication on the local level:

    config switch-controller managed-switch

    edit S548DF5018000776

    config 802-1X-settings

    set local-override enable

    set mab-reauth enable

    next

    end

    end

    Previous
    Next