Is it possible for our security team to security scan all hosts on the network if they are using 802.1x authentication? I am trying to ensure that we can meet security scanning requirements and still use the 802.1x port-based authentication function. If not, the other alternative is to use port security for end hosts. Any help/advice would be greatly appreciated.
If you are using open mode, you could put a permit rule in the pre-auth ACL on the switch port that allows all traffic going to your scanner's IP address. Traffic from the scanner to the device on the switch port is not normally restricted.
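A sketch of the pre-auth ACL described in the answer above, added here as an example and not taken from either poster. It assumes Cisco IOS syntax; the ACL name `PRE-AUTH`, the interface, the scanner address `192.0.2.10` and the DHCP/DNS entries are placeholders and assumptions.

```cisco
! Constructed example: ACL name, interface and scanner address are placeholders.
ip access-list extended PRE-AUTH
 remark DHCP and DNS so the endpoint can get an address before it authenticates (assumed entries)
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 remark Replies from the endpoint to the vulnerability scanner (placeholder IP)
 permit ip any host 192.0.2.10
 remark Everything else stays blocked until 802.1X authentication succeeds
 deny ip any any
!
interface GigabitEthernet1/0/10
 switchport mode access
 ! 802.1X enabled on the port
 authentication port-control auto
 dot1x pae authenticator
 ! Open mode: traffic is allowed before authentication, limited by the ACL below
 authentication open
 ! Applied inbound, so it filters only traffic sent by the endpoint
 ip access-group PRE-AUTH in
```

Keeping the permit to the single scanner host address, not a whole subnet, limits what an unauthenticated device can reach before it authenticates.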