ISE Command Explanation
????. ????????????????????????????
???????????????? at Express System Ltd.
The following command allows multiple endpoints on the same physical access port:
authentication host-mode multi-auth
This command enables pre-auth access before AAA response which is subject to the port ACL: authentication open
These commands are here to specify that IOS Flex-Auth authentication should perform 802.1X first and then MAB:
authentication order dot1x mab
authentication priority dot1x mab
These commands enable port-based authentication on the interface:
?authentication port-control auto authentication violation restrict
This command enables re-authentication on the interface:
authentication periodic
This command enables MAC Authentication Bypass (MAB) on the interface:
mab
This command enables 802.1x authentication in the interface:
dot1x pae authenticator
This command sets the retransmit period to 10 seconds:
dot1x timeout tx-period 10
IP Device Tracking
The IP Device Tracking maintains a database of IP and MAC addresses that are used to get the source IP of dynamic ACL, and to maintain the binding of the IPs to the security group tags.
sw#show ip device tracking all
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
IP Device Tracking Probe Delay Interval = 0
-----------------------------------------------------------------------
IP Address MAC Address Vlan Interface STATE
-----------------------------------------------------------------------
192.168.40.52 8c16.450b.2ecf 10 FastEthernet0/7 ACTIVE
?
CCNP SCOR | F5-101 | SOPHOS Certified Engineer | NSE1 | NSE 2 | NSE 4 | Android Developer | Docker
1 年Carry on brother