Exam 300-208 topic 1 question 226 discussion

The 802.1x standard defines a client-server-based access control and authentication protocol that prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless they are properly authenticated. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN. Until the client is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.

The correct answer here is A. The port starts in the unauthorized state. While the port is in this state, the port that is not configured as a voice VLAN port disallows all ingress and egress traffic except for 802.1X, Cisco Discovery Protocol, and STP packets. When a client is successfully authenticated, the port changes to the authorized state and allows all traffic for the client to flow normally. If the port is configured as a voice VLAN port, the port allows VoIP traffic and 802.1X protocol packets before the client is successfully authenticated. If a client that does not support 802.1X connects to an unauthorized 802.1X port, the switch requests the identity of the client. In this situation, if the client does not respond to the request, the port remains in the unauthorized state, and the client is not granted access to the network. See Page 9-4: https://www.cisco.com/c/en/us/td/docs/switches/metro/me3400e/software/release/12-2_55_se/configuration/guide/ME3400e_scg/sw8021x.pdf