Configure MAB reauthentication globally or locally

You can enable the MAC Authentication Bypass (MAB) option for devices (such as network printers) that cannot respond to the 802.1x authentication request. With MAB enabled on the port, the system will use the device MAC address as the user name and password for authentication. If a link goes down, you can select whether the impacted devices must reauthenticate. By default, reauthentication is disabled. You can use the FortiOS CLI to enable MAB reauthentication globally or locally:

  • On the global level, use the new set mab-reauth command to enable or disable MAB reauthentication.

  • On the local level, you can override the 802.1x settings for a specific managed switch and then use the new set mab-reauth command to enable or disable MAB reauthentication.

To control MAB reauthentication on the global level:

config switch-controller 802-1X-settings
    set mab-reauth {enable | disable}
end

To enable MAB reauthentication on the global level:

config switch-controller 802-1X-settings
    set mab-reauth enable
end

To control MAB reauthentication on the local level:

config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        config 802-1X-settings
            set local-override enable
            set mab-reauth {enable | disable}
        end
    next
end

To enable MAB reauthentication on the local level:

config switch-controller managed-switch
    edit S548DF5018000776
        config 802-1X-settings
            set local-override enable
            set mab-reauth enable
        end
    next
end
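To audit which MAB reauthentication setting each managed switch ends up with, the following added example (not Fortinet code) parses a configuration backup and resolves the global value against any local override. It assumes that a setting absent from the backup is at its default (disabled), and that per-switch values take effect only when local-override is enabled; the sample configuration is constructed, and the second and third serial numbers are placeholders.

```python
import shlex

# Constructed sample in the layout of a FortiOS configuration backup (placeholder serials).
SAMPLE_CONFIG = """
config switch-controller 802-1X-settings
    set mab-reauth enable
end
config switch-controller managed-switch
    edit "S548DF5018000776"
        config 802-1X-settings
            set local-override enable
            set mab-reauth disable
        end
    next
    edit "EXAMPLE-SWITCH-0002"
    next
    edit "EXAMPLE-SWITCH-0003"
        config 802-1X-settings
            set local-override enable
        end
    next
end
"""

def effective_mab_reauth(config_text):
    """Map each managed switch to (mab-reauth value, 'global' or 'local')."""
    global_value = "disable"   # the page states reauthentication is disabled by default
    switches, stack = {}, []   # stack holds the names of the open config/edit blocks
    for line in config_text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:]))
            if tok[0] == "edit" and stack[:-1] == ["switch-controller managed-switch"]:
                switches[stack[-1]] = {}
        elif tok[0] in ("end", "next") and stack:
            stack.pop()
        elif tok[0] == "set" and len(tok) >= 3:
            if stack == ["switch-controller 802-1X-settings"] and tok[1] == "mab-reauth":
                global_value = tok[2]
            # Per-switch block: managed-switch > <serial> > 802-1X-settings
            elif stack[:1] + stack[2:] == ["switch-controller managed-switch", "802-1X-settings"]:
                switches[stack[1]][tok[1]] = tok[2]
    # Assumption: local values count only when local-override is enabled.
    return {
        serial: (local.get("mab-reauth", "disable"), "local")
        if local.get("local-override") == "enable" else (global_value, "global")
        for serial, local in switches.items()
    }
```

The third switch shows the case worth checking for: enabling local-override without also setting mab-reauth leaves that switch at the default even though the global setting is enabled.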
