Is it possible for our security team to security scan all hosts on the network if they are using 802.1x authentication? I am trying to ensure that we can meet security scanning requirements and still use the 802.1x port-based authentication function. If not the other alternative is to use port security for end hosts. Any help/advice would be greatly appreciated.
If you are using open mode, you could put in a permit rule in the pre-auth acl on the switch port, that allows all traffic going to your scanners ip adress. Traffic from the scanner to the device on the switch port is not restricted normally.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
