MAC Authentication Bypass on Catalyst 2950 supported?


    Sponsored Links


  • 1. R&S or Security
    Hello every one, I finshed my ccna, ccnp, and I want to start my ccie, i am having hard time deciding which way i go, do i go for R & S or the security track? You input will be very much appreciated TIA
  • 2. Cisco PIX 515 - need help.
    Hello all, We have to setup the rule on Cisco PIX 515. Here is the case: I have single public ip address: 62.192.2.X I have one exchange server ( and one spammail system ( The setup: Internet---->spammail-----> exchange ------> to mail client ******************************************* object-group service spammail tcp-udp description spammail port-object eq 25 object-group service mail tcp-udp description mail server port-object eq 25 port-object eq 21 port-object eq www port-object eq 443 access-list outside_access_in permit tcp host 62.192.2.X object-group mail static (inside,outsie) tcp 62.192.2.X https mail https netmask 0 0 static (inside,outsie) tcp 62.192.2.X www mail www netmask 0 0 static (inside,outsie) tcp 62.192.2.X smtp spammail smtp netmask 0 0 ****************************************** The mail server and spammail did not receive any mail. What's wrong on my setup? Can anyone help? Thanks. Peter
  • 3. CrcAlign-Err and Fragments
    Doew anyone want to take a shot at this one? This is one of our uplink ports to another 100MB/Full network switch uplink. I don't know where to start if somebody could get me started. C4506#show int fa 2/2 coun err Port CrcAlign-Err Dropped-Bad-Pkts Collisions Symbol-Err Fa2/2 28053 0 0 0 Port Undersize Oversize Fragments Jabbers Fa2/2 0 0 12267 0 Port Single-Col Multi-Col Late-Col Excess-Col Fa2/2 0 0 0 0 Port Deferred-Col False-Car Carri-Sen Sequence-Err Fa2/2 0 0 0 0
  • 4. Setup 1605 Router to between two Autonomous Networks
    Need some help on this setup - I have a remote site that has two separate networks - 2 routers (Cisco 1601 and 1605) connect to hub. Static IP addesses on the PCs. 192.168.100.x addresses for one network, 10.9.x.x for other. Users have two PCs at their desk to connect to the two networks. They use the 192 Network for a TN3270 connection and a FTP upload. Everything else is done on their other PC (10.9.x.x netowrk. What I want to do is remove the need for two PCs at each users desk. Current setup: 192 Network- 1601 router Serial0 - ip (t1) E0 - (to hub) 10 network 1605 Router s0 - (T1) e0 - (to hub) e1 - shutdown What I propose is this: 192 Network- 1601 router Serial0 - ip (t1) E0 - (connect to 1605 via Crossover cable) 10 network 1605 Router s0 - (T1) e0 - (Lan) e1 - (connect 1601 w crossover) however - I'm not sure of how to route data. I cannot pass routing tables between the two networks. I was thinking of using NAT to accomplish this but I'm not sure. Can someone help? Thanks you in advance.

MAC Authentication Bypass on Catalyst 2950 supported?

Postby Daniel Alex » Fri, 16 May 2008 12:41:13 GMT

Hi all,

Which IOS release that supports MAC Authentication Bypass (MAB) for Catalyst 
2950 switch? Currently I have 12.1-22 EA8a version and I would like to use 
this feature.

Thanks very much.



Similar Threads:

1.Problems with Catalyst 2950 and Mac OS X 10.4 Systems


since we have replaced our Catalyst 2924XL switches with Catalyst 2950 
we get more and more problems with Apple Macintosh OS X 10.4 Systems 
with G5 processors.
The systems get their static IP addresses from two SuSE Linux 
DHCP-Servers. In our campus-LAN 76 VLANs are configured.

Normally everything works well, but sometimes some Mac OS X 10.4 systems 
lose suddenly their server mounts.
Sometimes other Mac OS X 10.4 systems dont get an IP address while 
booting. After a reboot it works regularly.
Deactivating the port-security doesnt help.
"Spanningtree portfast" and "switchport nonegotiate" is configured on 
the switchport.

Has anyone a hint on this problem?
Thanks in advance!
Kai Matthies

Our configuration:

CatXX#sh vers
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA1b, RELEASE 
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 24-Aug-04 00:12 by yenanh
Image text-base: 0x80010000, data-base: 0x8055C000

ROM: Bootstrap program is C2950 boot loader

Cat76 uptime is 47 weeks, 6 days, 7 hours, 32 minutes
System returned to ROM by power-on
System restarted at 15:05:25 MESZ Tue Jun 14 2005
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA1b.bin"

cisco WS-C2950G-48-EI (RC32300) processor (revision Q0) with 20873K 
bytes of memory.
Processor board ID XXXXX
Last reset from system-reset
Running Enhanced Image
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: xx:xx:xx:xx:xx:xx
Motherboard assembly number: 73-7409-12
Power supply part number: 34-0965-01
Motherboard serial number: XXXXX
Power supply serial number: XXXXX
Model revision number: Q0
Motherboard revision number: A0
Model number: WS-C2950G-48-EI
System serial number: XXXXXX
Configuration register is 0xF

CatXX#sh run int fast 0/22
interface FastEthernet0/22
  description XXX
  switchport access vlan 721
  switchport mode access
  switchport nonegotiate
  switchport port-security
  switchport port-security mac-address sticky
  switchport port-security mac-address sticky 0000.1111.2222
  no snmp trap link-status
  no cdp enable
  spanning-tree portfast

CatXX#sh int fast 0/22
FastEthernet0/22 is down, line protocol is down (notconnect)
   Hardware is Fast Ethernet, address is 0013.1953.xxxx (bia 0013.1953.xxxx)
   Description: XXX
   MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
      reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Auto-duplex, Auto-speed, media type is 100BaseTX
   input flow-control is unsupported output flow-control is unsupported
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 29w0d, output 01:18:10, output hang never
   Last clearing of "show interface" counters 3d12h
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue: 0/40 (size/max)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
      276641 packets input, 102028305 bytes, 0 no buffer
      Received 1969 broadcasts (0 multicast)
      0 runts, 0 giants, 0 throttles
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
      0 watchdog, 1189 multicast, 0 pause input
      0 input packets with dribble condition detected
      797521 packets output, 121800493 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collision, 0 deferred
      0 lost carrier, 0 no carrier, 0 PAUSE output
      0 output buffer failures, 0 output buffers swapped out

CatXX#sh int fast 0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 721 (XXX)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

2.anyone know about: vlan trunking with catalyst 1900 to any other ios device (catalyst 2950)

3.anyone know about: vlan trunking with catalyst 1900 to any other ios device (catalyst 2950)

4.Settinup 802.ix authentication with cisco 2950 and Micorsoft IAS

I have a project to stop rogue users form pluging onto my network. I
have seen where cisco switches can do port authentication with a radius
server. I would like to setup and IAS server on win2k3 as my radius
server. Can anyone provide me with configuration guides to configure
the switch as well as the IAS server? I would really appreciate the


5.Debug mac access-list extended 2950

Is there a way to debug extended mac access-lists?  I have not found
anything on the Cisco Web Sit or in my switch doc.

My layer2 acl is blocking everything and I do not have any way of
seeing what is happening.  show access-list does not provide a count of
deny frames.  All the debug commands I looked at are for layer3&4

Any suggestions would be appreciated.

6. 2950 switch - max mac-add table size?

7. Port-security mac address on 2950

8. 2950 empty mac address table

Return to cisco


Who is online

Users browsing this forum: No registered users and 67 guest