In Cisco and hpe switches , we have dot1x and mab configured on each port and with dot1x as higher order and priority.
As we are doing the DHCP profiling for initial few weeks , we are not deny anything at radius level and even if both dot1x and mab fails we are allowing the port to connect to network .
There is a command " authentication open" . We don't want to have this command on every switch port as we already are allowing everything via radius .(no enforcement and allow access profile)
Is this command mandatory for running switch port in open mode from radius point of view ?
Now when we move from open to closed mode we will do the vlan enforcement and we don't want to touch any port to do anything .we want to control everything via radius .
I am bit confused about the authentication open command .
The goal is not to touch any port during closed mode once we do vlan enforcement