An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones.
The phones do not have the ability to authenticate via 802.1X.
Which command is needed on each switch port for authentication?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The correct answer is D. mab.
When using Cisco Identity Services Engine (ISE) to authenticate devices on a network, there are three main types of authentication:
802.1X - This method requires that the device supports 802.1X authentication and can provide valid credentials to authenticate to the network.
MAC Authentication Bypass (MAB) - This method allows non-802.1X capable devices to authenticate to the network by providing the MAC address of the device.
Web Authentication - This method requires users to authenticate via a web portal.
In this scenario, since the IP phones do not have the ability to authenticate via 802.1X, the best method to use is MAB. This allows the phones to be authenticated using their MAC addresses.
To enable MAB on a switch port, the "mab" command needs to be added to the port configuration. This can be done using the following command:
vbnetinterface <interface> authentication control-direction in authentication order mab authentication priority mab authentication port-control auto This command enables MAB authentication on the specified interface and sets the authentication order to MAB only. It also sets the port control to auto, which allows the switch to dynamically determine whether to use MAB or 802.1X authentication based on the capabilities of the device.
Option A, "dot1x system-auth-control," is used to enable 802.1X authentication on the switch.
Option B, "enable bypass-MAC," is not a valid command.
Option C, "enable network-authentication," is used to enable Web Authentication on the switch.