Security - MAC Authentication Bypass

The MAC Authentication Bypass (MAB) feature allows network devices that are not associated with a particular user (such as network printers, IP cameras, and IoT devices) to connect to a network that has been secured with AAA functionality leveraging 802.1X authentication.

MAB lets such devices bypass 802.1X authentication because they have no interface through which credentials could conveniently be supplied. Instead, MAB identifies and authenticates these devices solely by their MAC address.

When you enable MAB on a switchport, the switch drops all Ethernet frames except the first one, which it uses to learn the source MAC address. Any frame can be used to learn the MAC address except CDP, LLDP, STP, and DTP traffic. Once the switch has learned the MAC address, it contacts an authentication server (RADIUS or TACACS+) to check whether that MAC address is permitted.
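As an added example (not taken from the linked article), the following Cisco IOS configuration enables MAB on an access port as a fallback after 802.1X fails, so that a printer without a supplicant is authorized by its MAC address while user PCs still authenticate with 802.1X. The interface name, VLAN numbers, RADIUS server name and address, and shared-secret placeholder are assumptions chosen for this example.

```cisco
! Global AAA: authentication and authorization decisions come from RADIUS
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! RADIUS server used for both 802.1X and MAB lookups (address is a documentation-range example)
radius server ISE
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key REPLACE_WITH_SHARED_SECRET
!
! Enable 802.1X globally on the switch
dot1x system-auth-control
!
interface GigabitEthernet1/0/10
 description Printer port - 802.1X first, MAB fallback
 switchport mode access
 switchport access vlan 20
 ! Port stays unauthorized until an authentication method succeeds
 authentication port-control auto
 ! Try 802.1X first; fall back to MAB if the device never responds
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication event fail action next-method
 ! One authenticated MAC address per port (default, made explicit here)
 authentication host-mode single-host
 ! Enable MAB: the first learned frame's source MAC is sent to RADIUS
 mab
 dot1x pae authenticator
 spanning-tree portfast
```

With this configuration the RADIUS server decides per MAC address whether the port is authorized, so the allow-list of known device MACs is maintained centrally rather than on each switch.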

MAB should not be confused with authbypass.

Links:

https://networklessons.com/cisco/ccie-routing-switching-written/mac-authentication-bypass-mab