https://community.cisco.com/t5/software-defined-access-sd-access/doubts-about-dot1x-with-failover-method-mab/m-p/5034374#M3083 <P>Dear All,</P><P>I configured the port of the test switch to use Dot1x as the first authentication, and as a fallback in case the dot1x failed, to use the Mab type authentication.</P><P>Everything seems to work correctly. But I have a question:</P><P>If I connected a New PC that is not present in the ISE Mab database, should the PC not be able to access the network?</P><P>Bye,</P><P>JF</P><P>&nbsp;</P> Tue, 05 Mar 2024 14:13:22 GMT ifabrizio 2024-03-05T14:13:22Z https://community.cisco.com/t5/software-defined-access-sd-access/doubts-about-dot1x-with-failover-method-mab/m-p/5034374#M3083 <P>Dear All,</P><P>I configured the port of the test switch to use Dot1x as the first authentication, and as a fallback in case the dot1x failed, to use the Mab type authentication.</P><P>Everything seems to work correctly. But I have a question:</P><P>If I connected a New PC that is not present in the ISE Mab database, should the PC not be able to access the network?</P><P>Bye,</P><P>JF</P><P>&nbsp;</P> Tue, 05 Mar 2024 14:13:22 GMT https://community.cisco.com/t5/software-defined-access-sd-access/doubts-about-dot1x-with-failover-method-mab/m-p/5034374#M3083 ifabrizio 2024-03-05T14:13:22Z https://community.cisco.com/t5/software-defined-access-sd-access/doubts-about-dot1x-with-failover-method-mab/m-p/5034375#M3084 <P>Follows the port switch config:</P><P>switchport access vlan 71<BR />switchport mode access<BR />switchport nonegotiate<BR />authentication event server dead action authorize<BR />authentication event server dead action authorize voice<BR />authentication event server alive action reinitialize<BR />authentication host-mode multi-auth<BR />authentication order dot1x mab<BR />authentication priority dot1x<BR />authentication port-control auto<BR />authentication periodic<BR />authentication timer reauthenticate server<BR />authentication timer inactivity server<BR />authentication violation restrict<BR />mab<BR />dot1x pae authenticator<BR />dot1x timeout tx-period 10<BR />spanning-tree portfast edge<BR />spanning-tree guard root<BR />end</P> Tue, 05 Mar 2024 14:15:26 GMT https://community.cisco.com/t5/software-defined-access-sd-access/doubts-about-dot1x-with-failover-method-mab/m-p/5034375#M3084 ifabrizio 2024-03-05T14:15:26Z https://community.cisco.com/t5/software-defined-access-sd-access/doubts-about-dot1x-with-failover-method-mab/m-p/5034376#M3085 <P>according to condition in Authentication policy, if you select if the endpoint unknown the action continue for authz if not then the user will failed to access&nbsp;</P> <P>MHM</P> Tue, 05 Mar 2024 14:18:16 GMT https://community.cisco.com/t5/software-defined-access-sd-access/doubts-about-dot1x-with-failover-method-mab/m-p/5034376#M3085 MHM Cisco World 2024-03-05T14:18:16Z