Wednesday, August 7, 2019

802.1x monitor mode

  • Monitor mode allows the authentication methods 802.1X, MAB, or web authentication to be deployed without any effect on user or endpoint access to the network. It is like placing a security camera at the door to monitor and record port access behavior.
  • Monitor mode is enabled by using 802.1X together with two Cisco IOS Software features: open access and multiauth mode.
  • Monitor mode is configured with the authentication open command.

  • The default behavior of 802.1X is to block all data traffic except EAPOL. However, the open access feature gives you the option of allowing unrestricted access for all traffic, even though authentication (802.1X, MAB, or web authorization) is enabled. Open access is accomplished with no impact to end users or network-attached hosts.

  • Even a failed authentication will still allow access
  • Network administrators can:
    1. See who would have failed
    2. Resolve the problem before enforcement causes a denial of service
  • No effect on user or endpoint access
  • AAA RADIUS accounting provides visibility into 802.1X operation

interface GigabitEthernet0/1
 authentication host-mode multi-auth
 authentication open
 authentication port-control auto
 mab
 dot1x pae authenticator
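
Because a port in monitor mode never blocks anything, it is worth tracking which ports still carry authentication open before and after the move to enforcement. The following is an added example, not part of the original post: a small Python audit that classifies each interface from the commands shown above. The sample configuration is constructed, and the script assumes running-config layout (sub-commands indented under each interface line).

```python
import re

# Constructed sample in running-config layout (sub-commands indented one space).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 authentication host-mode multi-auth
 authentication open
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet0/2
 authentication host-mode multi-auth
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet0/3
 switchport mode access
!
"""

def parse_interfaces(config):
    """Return {interface name: set of its sub-commands}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), set())
        elif current is not None and line.startswith(" "):
            current.add(" ".join(line.split()))
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def classify(cmds):
    """Label a port from the authentication commands it carries."""
    if "authentication port-control auto" not in cmds:
        return "no-auth"    # 802.1X/MAB not enabled on this port
    if "authentication open" in cmds:
        return "monitor"    # authenticates and logs, but never blocks
    return "enforced"       # default 802.1X: only EAPOL until authenticated

def audit(config=SAMPLE_CONFIG):
    return {name: classify(c) for name, c in parse_interfaces(config).items()}

if __name__ == "__main__":
    for name, state in audit().items():
        print(f"{name:22} {state}")
```

Ports reported as monitor are still unrestricted; removing authentication open from a port moves it to the enforced state.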
