Re: 802.1x on the wire - mac address exclusion

["Williams, Matthew" <mwill186 () KENT EDU>]

You should be able to setup MAB (MAC Address Bypass) in your switches, then create your MAC whitelist in your RADIUS 
product.  Your other option is to disable 802.1X on the switchport of those devices, but that becomes a management 
nightmare.

Respectfully,

Matt

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Emily 
Harris
Sent: Thursday, June 23, 2016 9:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] 802.1x on the wire - mac address exclusion

All:

Recently our Bradford Campus Manager appliance failed, and we decided not to replace it.  Instead, we will be doing 
802.1x authentication on the wire.  The basic setup works, but we are looking for solutions to easily exclude MACs for 
non-keyboard devices such as cameras, game consoles, and printers.  We are hoping to do this without purchasing or 
deploying a larger management system such as Cisco ISE.

If anyone is doing this, I'd appreciate reaching out to me on or off list.  Thank you!

----
Emily Harris
Information Security Officer, CIS
Vassar College
845-437-7221