Configuring Cisco ISE Authentication Policy for Unknown MAC Addresses/Identities
Question
What should be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.A.
In Cisco Identity Services Engine (ISE), the authentication policy determines the actions to be taken on incoming authentication requests. When a new device attempts to connect to the network, its MAC address is initially unknown to the ISE. In this case, the authentication policy needs to be configured to handle unknown MAC addresses for successful authentication.
The correct answer to the question is A. "continue."
When "continue" is configured in the authentication policy for unknown MAC addresses, the ISE allows the authentication request to proceed to the next authentication policy rule. This is useful for situations where the ISE needs to apply different authentication methods or policies to different types of devices.
The other answer choices have different meanings and would not be appropriate for this scenario:
"Pass" means to immediately allow access, which would be insecure for an unknown device.
"Drop" means to silently discard the authentication request, which would result in the device being unable to connect to the network.
"Reject" means to explicitly deny the authentication request, which would also result in the device being unable to connect to the network.
Therefore, "continue" is the best option to configure in the authentication policy for unknown MAC addresses in order to allow for successful authentication.
