02-02-2017 07:42 PM - edited 03-11-2019 12:26 AM
Can someone out here please explain the meaning of below
interface <interface_number>
authentication order mab dot1x
authentication priority dot1x mab
what is the real-time use of order and priority commands ?
Is it mandatory to have priority command ?
Please give some real-life exmaples
Solved! Go to Solution.
02-02-2017 11:11 PM
Start with reading the following document. It will give you some good examples:
Flexible Authentication Order, Priority, and Failed Authentication
02-02-2017 11:11 PM
Start with reading the following document. It will give you some good examples:
Flexible Authentication Order, Priority, and Failed Authentication
02-05-2017 09:58 PM
Here is my understanding , if someone would like to comment and confim if this is correct
Use case 1 :
authentication order mab dot1x
authentication priority dot1x mab
Result- first client will do MAB ( if this passed ) then will do the dot1x. If MAB auth failed then also do the dot1x. Negative side of this is that each and every device has to go through MAB process- overhead on ISE . if DOT1x is not successful it will get the policy as configured for MAB.
Use Case 2-
authentication order mab dot1x
authentication priority mab Dot1x
MAB failed , it will go to Dot1x
MAB passed- it will not go to DOT1x.
Use Case 3-
authentication order dot1x mab
authentication priority mab Dot1x
End-point will do Dot1x, will only go to MAB if DOT1x Fails.
10-20-2018 01:47 AM
Could anyone confirm that if:
order mab dot1x
priority dot1x mab
then a dot1x client will start up as mab but immediately be switched to dot1x upon sending an eapol frame?
ie it doesn't have to fail the mab process to progress to dot1x and therefore the mab process won't fail due to the dot1x being sucessful?
10-26-2018 08:50 PM
Yes.
10-30-2018 01:12 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide