The switch enable password is Cisco For the purpose of the simulation…

SIMULATION
The Secure-X company has recently successfully tested the 802.1X authentication deployment
using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee
desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect
NAM 802.1Xsupplicantto log in and connect to the network.
Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and
have it connect to the network. The network printer does not support 802.1X supplicant. The
Fa0/19 switch port is now configured to use 802.1X authentication only.
To support this network printer, the Fa0/19 switch port configuration needs to be edited to
enable the network printer to authenticate using its MAC address. The network printer should
also be on VLAN 9.
Another network security engineer responsible for managing the Cisco ISE has already perconfigured all the requirements on the Cisco ISE, including adding the network printer MAC
address to the Cisco ISE endpoint database and etc…
Yourtask in the simulation is to access the Cisco Catalyst Switch console then use the CLI to:
• Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer
using its MAC address and:
• Ensure that MAC address authentication processing is not delayed until 802.1Xfails
• Ensure that even if MAC address authentication passes, the switch will still perform 802.1X
authentication if requested by a 802.1X supplicant
• Use the required show command to verify the MAC address authentication on the Fa0/19 is
successful
The switch enable password is Cisco
For the purpose of the simulation, to test the network printer, assume the network printer will
be unplugged then plugged back into the Fa0/19 switch port after you have finished the
required configurations on the Fa0/19 switch port.
Note: For this simulation, you will not need and do not have access to the ISE GUI To access the
switch CLI, click the Switch icon in the topology diagram

SIMULATION
The Secure-X company has recently successfully tested the 802.1X authentication deployment
using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee
desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect
NAM 802.1Xsupplicantto log in and connect to the network.
Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and
have it connect to the network. The network printer does not support 802.1X supplicant. The
Fa0/19 switch port is now configured to use 802.1X authentication only.
To support this network printer, the Fa0/19 switch port configuration needs to be edited to
enable the network printer to authenticate using its MAC address. The network printer should
also be on VLAN 9.
Another network security engineer responsible for managing the Cisco ISE has already perconfigured all the requirements on the Cisco ISE, including adding the network printer MAC
address to the Cisco ISE endpoint database and etc…
Yourtask in the simulation is to access the Cisco Catalyst Switch console then use the CLI to:
• Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer
using its MAC address and:
• Ensure that MAC address authentication processing is not delayed until 802.1Xfails
• Ensure that even if MAC address authentication passes, the switch will still perform 802.1X
authentication if requested by a 802.1X supplicant
• Use the required show command to verify the MAC address authentication on the Fa0/19 is
successful
The switch enable password is Cisco
For the purpose of the simulation, to test the network printer, assume the network printer will
be unplugged then plugged back into the Fa0/19 switch port after you have finished the
required configurations on the Fa0/19 switch port.
Note: For this simulation, you will not need and do not have access to the ISE GUI To access the
switch CLI, click the Switch icon in the topology diagram

Answer: See the explanation

Explanation:
Initial configuration for fa 0/19 that is already done:

AAA configuration has already been done for us. We need to configure mac address bypass on
this port to achieve the goal stated in the question. To do this we simply need to add this
command under the interface:
mab
Then do a shut/no shut on the interface.
Verification:



Leave a Reply 0

Your email address will not be published. Required fields are marked *