Dot1X MAB or LLDP Blocked Port Passthrough Support?

Hi support have been kicking around some radius configs on a cnMatrix managed via cnMaestro . I’ve been trying to get MAC bypass configured on a port that houses an IP Phone with a Dot1x enabled computer attached via the switch port/loop through port on the phone.

Dot1X computer works and talks to the Windows NPS no issues , does its EAP thing, auths and gets an IP address but it doesn’t appear that there is any sort of MAB / MAC Forwarding functionality to the radius server for non 802.1x devices from what I can tell . Usually on most vendors equipment you’d see a MAC address bypass setting or radius priority order on the ports.

Some vendors we’ve worked with provide LLDP Passthrough ability that will pass through LLDP’s even on a blocked port and then have a setting .

Can post configs if needed but it’s pretty vanilla.


cnMatrix currently does not support MAC Authentication Bypass (MAB). It is in our roadmap for early '2021.


Thanks Tam for the confirmation.

Hi Tam.I’ve seen some of the wireless gear has MAB knobs now . Is it still in the pipeline to get MAB going on cnMatrix ?


Mac Authentication Bypass will be included in cnMatrix 4.1 release in June.


4.1 has been released with MAB support :partying_face:

Oh wow thanks . Gonna throw this up in the lab in week if I get a chance.
Will the knobs be coming to the cnMaestro UI at some stage for this to reduce UDO clutter ?

MAB is enabled per port in the Switch Port page on the upcoming cnMaestro, to be released in August.

1 Like

Have to say I’m impressed how quickly you roll out features Tam in the switching lineup.
I’ve had an ABCD vendor I was paying big $ p/m on service contracts take 4 years to just roll out MAB properly on their equipment before.

1 Like

Thank you for your comment.
The next cnMaestro release will be available early August. Here’s the preliminary screenshot to configure MAB on port 2.