An engineer is starting to implement a wired 802.1X project throughout the campus. The task is for failed authentication to be logged to Cisco ISE and also have a minimal impact on the users. Which command must the engineer configure?
If a switchport is in "monitor mode" with the "authentication open" command, then even if ISE sends back a deny or "Access-Reject", the switch will ignore that and still allow traffic to pass. The whole point of "monitor mode" is to see what ISE would allow and not allow. So you can continue to fine-tune your ISE policies. So in ISE, you would see a red deny in the Radius Live Logs, but the switch would not block any traffic for that device. The user or device would not be impacted at all! Then once you are comfortable that ISE is doing what it is supposed to, then you can remove the "authentication open" command from the switchports. Only then will the switch enforce what ISE says.
For me here it's the answer C.
authentication open
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.300-715 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
TiberiuszSun
6 months, 2 weeks agoKorndal
8 months, 2 weeks agofactmrojas
9 months, 1 week agoZoneHacker
10 months ago