Mac Address Bypass
-
Tuesday, August 12, 2008 10:54 PMDoes anyone know how to do NAP with MacAddresBypass feature of a switch for printers and other non-dot1x clients?
I set the command dot1x mac-address-bypass on the switch, and after it fails eap, I see it send to NPS the mac address as a user. Can I create a list of approved mac addresses?
If not, how do you allow printers to participate on a dot1x network?
Derek
All Replies
-
Wednesday, August 13, 2008 8:14 AMI'm not sure about my response, but I think that you must put your non-dot1x clients in guest vlan. You don't have any another choice.
-
Thursday, September 18, 2008 12:22 PMI think you don't want to put your printer in a guest vlan. You can disable dot1x on that specific switchport. I think it's also possible to exclude printers in nap but I haven't found it yet.
edit:
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/9a41c5d1-2436-4789-ae84-7ed04f99762a/- Edited by John_do50 Thursday, September 18, 2008 12:26 PM
-
Friday, September 19, 2008 12:21 AMOwner Hi Derek,
There is a blog post that might help you with this. It is also discussed in some forum posts. See the links below.
http://blogs.technet.com/nap/archive/2006/09/08/454705.aspx
http://social.technet.microsoft.com/forums/en-US/winserverNAP/thread/06fffcee-50f5-48e7-a956-db3da114de2a
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/466ce29a-fc83-475b-bfd6-6af4a095cb59
Also, here is a reference describing MAC address authorization with IAS:
http://technet2.microsoft.com/windowsserver/en/library/e9a30a60-7f8b-435f-b210-d47c3b7ecb961033.mspx?mfr=true
I hope this helps,
-Greg- Proposed As Answer by Greg LindsayMicrosoft Employee, Owner Friday, September 19, 2008 12:21 AM
- Marked As Answer by Greg LindsayMicrosoft Employee, Owner Sunday, September 21, 2008 7:09 PM
.png)
