05-10-2023 09:31 AM
Labels: Identity Services Engine (ISE)
Accepted Solutions
05-10-2023 09:35 AM
@rezaalikhani yes, MAB and 802.1X
05-10-2023 09:43 AM
Hello
It does in conjunction with MAB and dot1x.
By definition:
"Open authentication is enabled by entering the authentication open command after host mode configuration,
and acts as an extension to the configured host mode. For example, if open authentication is enabled with
single-host mode, then the port will allow only one MAC address. When preauthentication open access is
enabled, initial traffic on the port is restricted only by whatever other access restriction, independent of 802.1X,
is configured on the port. If no access restriction other than 802.1X is configured on the port, then a client
device will have full access on the configured VLAN."
So, the implementation would be:
authentication host-mode multi-auth
authentication open
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
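
An added example, not part of the original thread and not Cisco tooling: a Python audit of the behaviour the quoted definition describes, flagging ports where `authentication open` is set and no inbound port ACL limits pre-authentication traffic. The sample running-config, the ACL name `PREAUTH-ACL` and the function names are constructed for illustration, and the check assumes an inbound `ip access-group` is the only other access restriction to look for.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 authentication host-mode multi-auth
 authentication open
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
!
interface GigabitEthernet1/0/2
 ip access-group PREAUTH-ACL in
 authentication open
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 authentication host-mode single-host
 authentication port-control auto
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit_open_auth(config):
    """Classify each authenticating port by its pre-authentication exposure."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "authentication port-control auto" not in cmds:
            continue  # port does not run MAB/802.1X at all
        open_auth = "authentication open" in cmds
        acl = any(re.fullmatch(r"ip access-group \S+ in", c) for c in cmds)
        if not open_auth:
            report[name] = "closed"
        elif acl:
            report[name] = "open, restricted by port ACL"
        else:
            report[name] = "open, full VLAN access before authentication"
    return report
```
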
