MAC Authentication Bypass on Catalyst 2950 supported?


    Sponsored Links


  • 1. 350 Bridge question
    I have two buildings that I am bridging and they are about at most 250 yards apart. We were planning on bridging 3 buildings at first so we are using omni-directional antennaes. The buildings have line of sight but one roof line is lower than the other by 10 feet or so. At first the bridges would associate then drop off with the "lost authentication" message. Then they would pick up and then go down. This would occur almost every minute. I then read about how the bridges were a little problematic. So I tried a different bridge. It works much better, but still drops the connection every 5 minutes or so for about 10 seconds. The main question I have is this. Should these bridges be able to pass DHCP? The clients on the non-root side of the bridge cannot obtain any addresses. However, if I statically assign them everything is ok. Thanks in advance. Trevor
  • 2. Cisco ACS 3.2 webpages
    Hello, I just installed Cisco ACS 3.2 on my w2k3-box. Now I want to add users, and that doesn't seem to work. Suprisingly my webbrowser (IE 6) reports and javascript error. Besides this, all pages stop working after a couple of minutes. All I see is "action cancelled" in my browser. I have to open a new browser to be able to open any other pages on the ACS. Anyonefamiliar with these problems? So far ACS is not really impressive, I must say... Cheers
  • 3. Test Serial to Serial Connection, Protocol Down...
    I have a few Cisco routers that I'd like to use to connect up a remote office via 24 channel T1. One end is a 4500M with 4port Serial Card that already has 1 T1 Connection. The other end is a 2501. Inbetween the two routers I have Adtran TSU100 units. Between the two Adtrans (for testing purposes) I have a T1 crossover cable. The Cisco's are conneted to the v.34 ports. >From either CDU/DSU I can loop up the far end CSU/DSU through the Crossover cable. So I'm pretty sure that the CDU/DSU to CDU/DSU is working fine. On each of the routers I have Line Up, Protocol Down. If I look one end or the other. The Far End Router shows Protocol Up. So that is working. The Config for the Serial interfaces is pretty simple. HDSL Encap (the Default) and an IP Address. its the same that I have for my other Serial T1 Connection. Any Sugggestions? Thanks, Scott<-=
  • 4. Replace 2610 by 2621 and use same components
    Hi all, I need to replace 2610 router by a new router 2621. - Is it possible to use memory of 2610 on the 2621 ? - Is it possible to use Interface Controller E1 of 2610 on the 2621 ? Thank You very much Best Regards NS
  • 5. need help getting started w/ QoS
    We're just starting to test IP phones at a couple of our remote offices. Our phone equipment is all Nortel. Our LAN switches are all Cisco. My initial searches on Cisco VLANs and QoS have turned up a seemingly endless amount of reading on this. I'm hoping someone w/ experience can narrow down my options. I've created a couple of port-based VLANs on a 2950 - one for pc data, one for voice data, and trunk those to a PIX 506. What is the best method to ensure that traffic from the voice data VLAN has a higher priority on the trunk port of the 2950, and on the PIX?

MAC Authentication Bypass on Catalyst 2950 supported?

Postby Daniel Alex » Fri, 16 May 2008 12:41:13 GMT

Hi all,

Which IOS release that supports MAC Authentication Bypass (MAB) for Catalyst 
2950 switch? Currently I have 12.1-22 EA8a version and I would like to use 
this feature.

Thanks very much.



Similar Threads:

1.Problems with Catalyst 2950 and Mac OS X 10.4 Systems


since we have replaced our Catalyst 2924XL switches with Catalyst 2950 
we get more and more problems with Apple Macintosh OS X 10.4 Systems 
with G5 processors.
The systems get their static IP addresses from two SuSE Linux 
DHCP-Servers. In our campus-LAN 76 VLANs are configured.

Normally everything works well, but sometimes some Mac OS X 10.4 systems 
lose suddenly their server mounts.
Sometimes other Mac OS X 10.4 systems dont get an IP address while 
booting. After a reboot it works regularly.
Deactivating the port-security doesnt help.
"Spanningtree portfast" and "switchport nonegotiate" is configured on 
the switchport.

Has anyone a hint on this problem?
Thanks in advance!
Kai Matthies

Our configuration:

CatXX#sh vers
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA1b, RELEASE 
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 24-Aug-04 00:12 by yenanh
Image text-base: 0x80010000, data-base: 0x8055C000

ROM: Bootstrap program is C2950 boot loader

Cat76 uptime is 47 weeks, 6 days, 7 hours, 32 minutes
System returned to ROM by power-on
System restarted at 15:05:25 MESZ Tue Jun 14 2005
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA1b.bin"

cisco WS-C2950G-48-EI (RC32300) processor (revision Q0) with 20873K 
bytes of memory.
Processor board ID XXXXX
Last reset from system-reset
Running Enhanced Image
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: xx:xx:xx:xx:xx:xx
Motherboard assembly number: 73-7409-12
Power supply part number: 34-0965-01
Motherboard serial number: XXXXX
Power supply serial number: XXXXX
Model revision number: Q0
Motherboard revision number: A0
Model number: WS-C2950G-48-EI
System serial number: XXXXXX
Configuration register is 0xF

CatXX#sh run int fast 0/22
interface FastEthernet0/22
  description XXX
  switchport access vlan 721
  switchport mode access
  switchport nonegotiate
  switchport port-security
  switchport port-security mac-address sticky
  switchport port-security mac-address sticky 0000.1111.2222
  no snmp trap link-status
  no cdp enable
  spanning-tree portfast

CatXX#sh int fast 0/22
FastEthernet0/22 is down, line protocol is down (notconnect)
   Hardware is Fast Ethernet, address is 0013.1953.xxxx (bia 0013.1953.xxxx)
   Description: XXX
   MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
      reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Auto-duplex, Auto-speed, media type is 100BaseTX
   input flow-control is unsupported output flow-control is unsupported
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 29w0d, output 01:18:10, output hang never
   Last clearing of "show interface" counters 3d12h
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue: 0/40 (size/max)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
      276641 packets input, 102028305 bytes, 0 no buffer
      Received 1969 broadcasts (0 multicast)
      0 runts, 0 giants, 0 throttles
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
      0 watchdog, 1189 multicast, 0 pause input
      0 input packets with dribble condition detected
      797521 packets output, 121800493 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collision, 0 deferred
      0 lost carrier, 0 no carrier, 0 PAUSE output
      0 output buffer failures, 0 output buffers swapped out

CatXX#sh int fast 0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 721 (XXX)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

2.anyone know about: vlan trunking with catalyst 1900 to any other ios device (catalyst 2950)

3.anyone know about: vlan trunking with catalyst 1900 to any other ios device (catalyst 2950)

4.Settinup 802.ix authentication with cisco 2950 and Micorsoft IAS

I have a project to stop rogue users form pluging onto my network. I
have seen where cisco switches can do port authentication with a radius
server. I would like to setup and IAS server on win2k3 as my radius
server. Can anyone provide me with configuration guides to configure
the switch as well as the IAS server? I would really appreciate the


5.Debug mac access-list extended 2950

Is there a way to debug extended mac access-lists?  I have not found
anything on the Cisco Web Sit or in my switch doc.

My layer2 acl is blocking everything and I do not have any way of
seeing what is happening.  show access-list does not provide a count of
deny frames.  All the debug commands I looked at are for layer3&4

Any suggestions would be appreciated.

6. 2950 switch - max mac-add table size?

7. Port-security mac address on 2950

8. 2950 empty mac address table

Return to cisco


Who is online

Users browsing this forum: No registered users and 73 guest