SIMULATION
The Secure‐X company has recently successfully tested the 802.1X authentication deployment using
the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is
connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM
802.1Xsupplicantto log in and connect to the network.
Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and have
it connect to the network. The network printer does not support 802.1X supplicant. The Fa0/19
switch port is now configured to use 802.1X authentication only.
To support this network printer, the Fa0/19 switch port configuration needs to be edited to enable
the network printer to authenticate using its MAC address. The network printer should also be on
VLAN 9.
Another network security engineer responsible for managing the Cisco ISE has already per‐
configured all the requirements on the Cisco ISE, including adding the network printer MAC address
to the Cisco ISE endpoint database and etc…
Your task in the simulation is to access the Cisco Catalyst Switch console then use the CLI to:
• Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer
using its MAC address and:
• Ensure that MAC address authentication processing is not delayed until 802.1Xfails
• Ensure that even if MAC address authentication passes, the switch will still perform 802.1X
authentication if requested by a 802.1X supplicant
• Use the required show command to verify the MAC address authentication on the Fa0/19 is
successful
The switch enable password is Cisco
For the purpose of the simulation, to test the network printer, assume the network printer will be
unplugged then plugged back into the Fa0/19 switch port after you have finished the required
configurations on the Fa0/19 switch port.
Note: For this simulation, you will not need and do not have access to the ISE GUI To access the
switch CLI, click the Switch icon in the topology diagram
Answer: See the explanation
Explanation:
Initial configuration for fa 0/19 that is already done:AAA configuration has already been done for us. We need to configure mac address bypass on this
port to achieve the goal stated in the question. To do this we simply need to add this command
under the interface:mab
Then do a shut/no shut on the interface.
Verification: