MAC Authentication Bypass

802.1X MAC Authentication Bypass (MAB) is an access control technique which uses the MAC address of a device to determine what kind of network access should be provided to hosts. For MAB authentication mechanism, the switch will transmit an Access-Request message to the RADIUS server, with the device MAC address. If the MAC address is valid, the RADIUS server will return a RADIUS Access-Accept message. This message indicates to the switch that the endpoint should be allowed access to the port. No further authentication methods will be tried if MAB succeeds.

Host-based 802.1X enables the switch to allow one or multiple hosts to gain access to the network. Each host on the port should be authenticated individually. Packets from unauthorized hosts will be dropped on the port.