From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 3 Endpoint Protection and Secure Access
Unlock this course with a free trial
Join today to access over 22,500 courses taught by industry experts.
MAB
- [Instructor] In addition to 802.1X that we looked at in our previous lesson, we also need to examine MAB Mac address bypass. Not all devices on our network will support 802.1X authentication. In some cases we may have something like a network printer that wouldn't support 802.1X authentication. So rather than disabling 802.1X we can still secure our switch ports using MAB. When we use MAB, the switch is going to drop all of the frames except for the first frame from which it can learn the Mac address. Once the switch has learned the Mac address it's going to contact the radius server in this case Cisco ISE, to see if the Mac address should be permitted. So while this does offer some protection in instances where we can't use 802.1X authentication, it's not the best overall option. Obviously Mac addresses can be easily spoofed. So this is something we would use in conjunction with 802.1X. In any event this is fairly simple to implement using Cisco ISE as our authentication server…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
(Locked)
Guest services6m 48s
-
(Locked)
Profiling7m 32s
-
(Locked)
BYOD policies5m 52s
-
802.1X11m 11s
-
(Locked)
MAB4m 56s
-
(Locked)
WebAuth7m 43s
-
(Locked)
DNS tunneling3m 15s
-
(Locked)
HTTPS3m 50s
-
(Locked)
Email3m 12s
-
(Locked)
File transfer protocols3m 54s
-
(Locked)
ICMP4m 8s
-
(Locked)
NTP3m 34s
-
Cisco Stealthwatch6m 58s
-
(Locked)
Cisco Stealthwatch cloud5m 53s
-
(Locked)
Cisco pxGrid4m 10s
-
(Locked)
Cisco CTA and ETA6m 23s
-
(Locked)
Cisco AnyConnect Network Visibility Module (NVM)3m 26s
-
(Locked)
-