https://community.cisco.com/t5/network-access-control/authentication-open-for-mab/m-p/4832762#M581676 <P>Hello</P> <P>&nbsp;It does in conjunction with MAB&nbsp; and dot1x.</P> <P>By definition:</P> <P><EM>"Open authentication is enabled by entering the <STRONG>authentication open</STRONG> command after host mode configuration,</EM><BR /><EM>and acts as an extension to the configured host mode. For example,<STRONG> if open authentication is enabled with</STRONG></EM><BR /><STRONG><EM>single-host mode, then the port will allow only one MAC address. When preauthentication open access is</EM></STRONG><BR /><STRONG><EM>enabled, initial traffic on the port is restricted only by whatever other access restriction, independent of 802.1X,</EM></STRONG><BR /><EM><STRONG>is configured on the port.</STRONG> If no access restriction other than 802.1X is configured on the port, then a client</EM><BR /><EM>device will have full access on the configured VLAN."</EM></P> <P>&nbsp; So, the implementation would be:</P> <P><EM>authentication host-mode multi-auth</EM></P> <P><EM>authentication open</EM></P> <P><EM>authentication order mab dot1x</EM></P> <P><EM>authentication priority dot1x mab</EM></P> <P><EM>authentication port-control auto</EM></P> <P>&nbsp;</P> Wed, 10 May 2023 16:43:15 GMT Flavio Miranda 2023-05-10T16:43:15Z https://community.cisco.com/t5/network-access-control/authentication-open-for-mab/m-p/4832754#M581674 <P>Hi all;</P><P>Does "authentication open" work for MAB, too?</P><P>Thanks</P> Wed, 10 May 2023 16:31:26 GMT https://community.cisco.com/t5/network-access-control/authentication-open-for-mab/m-p/4832754#M581674 rezaalikhani 2023-05-10T16:31:26Z https://community.cisco.com/t5/network-access-control/authentication-open-for-mab/m-p/4832756#M581675 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/146869">@rezaalikhani</a> yes, MAB and 802.1X</P> Wed, 10 May 2023 16:35:07 GMT https://community.cisco.com/t5/network-access-control/authentication-open-for-mab/m-p/4832756#M581675 Rob Ingram 2023-05-10T16:35:07Z https://community.cisco.com/t5/network-access-control/authentication-open-for-mab/m-p/4832762#M581676 <P>Hello</P> <P>&nbsp;It does in conjunction with MAB&nbsp; and dot1x.</P> <P>By definition:</P> <P><EM>"Open authentication is enabled by entering the <STRONG>authentication open</STRONG> command after host mode configuration,</EM><BR /><EM>and acts as an extension to the configured host mode. For example,<STRONG> if open authentication is enabled with</STRONG></EM><BR /><STRONG><EM>single-host mode, then the port will allow only one MAC address. When preauthentication open access is</EM></STRONG><BR /><STRONG><EM>enabled, initial traffic on the port is restricted only by whatever other access restriction, independent of 802.1X,</EM></STRONG><BR /><EM><STRONG>is configured on the port.</STRONG> If no access restriction other than 802.1X is configured on the port, then a client</EM><BR /><EM>device will have full access on the configured VLAN."</EM></P> <P>&nbsp; So, the implementation would be:</P> <P><EM>authentication host-mode multi-auth</EM></P> <P><EM>authentication open</EM></P> <P><EM>authentication order mab dot1x</EM></P> <P><EM>authentication priority dot1x mab</EM></P> <P><EM>authentication port-control auto</EM></P> <P>&nbsp;</P> Wed, 10 May 2023 16:43:15 GMT https://community.cisco.com/t5/network-access-control/authentication-open-for-mab/m-p/4832762#M581676 Flavio Miranda 2023-05-10T16:43:15Z