There is no MAB in the config. So any question with MAB working is false. D is fasle.
Dot1x config is correct.
As there is no info that the client is misconfigured it is B
i not sure about this,
but since the authentication port-control auto is not configed on the switch then no authentication will be forced on that case, and the device will get connected.
It could be true, however, on the catalyst switch (9300) I work with, no shutdown is not displayed by show run int ... . Only shutdown would be displayed. If we do not see anything like that then the no shutdown has been applied.
C its so Easy. The config is missing "dot1x pae authenticatior" so 802.1x will not work. MAB also will not work since interface is missing mac auth config
I will go with A:
In the given configuration, the line "dot1x pae authenticator" is present. This command enables the switch interface to act as an authenticator for 802.1X authentication. However, the configuration does not include any specific 802.1X authentication settings such as the EAP (Extensible Authentication Protocol) method or RADIUS server information.
Additionally, the line "switchport mode voice vlan 44" indicates that the interface is configured to use a Voice VLAN. This suggests that the device connecting to this port might be a VoIP phone, which typically uses MAB for authentication rather than 802.1X.
Therefore, when this device tries to connect to the port, 802.1X authentication will not work because it is not configured properly. However, since MAB is enabled by default when 802.1X fails, MAB will start and allow the device on the network.
... ok after rethinking this question I need your help guys
WHAT DEVICE - this question make no sense, what do they mean a PC, Printer, Phone, Access Point,
I dont get it??
Looks like something is missing in the question.
"What will occur when this device" - what is this device?
authentication port-control auto is missing from the config so it will not be forced by switch to initiate authentication = device will be just put to access vlan, in fact MAB is not cofnigured for authenticaiton, but device while not being asked, will present itself with MAC and just be allowed? I will vote for A
Looks like something is missing in the question.
"What will occur when this device" - what is this device?
authentication port-control auto is missing from the config so it will not be forced by switch to initiate authentication = device will be just put to access vlan, in fact MAB is not cofnigured for authenticaiton, but device while not being asked, will present itself with MAC and just be allowed? I will vote for A
The "authentication port-control auto" command is not missing :)
The "access-session port-control auto" command instructs the switch port to rely on 802.1X authentication for access control. Devices need to successfully authenticate to gain access, and the switch automatically grants access upon successful authentication.
look at the description on the port, it says dot1x port. Leading me to believe that B is the correct answer. The device (workstation) will be allowed on the network.
Hello, maybe I'm wrong but :
- A and D are wrong answers because "mab" is missing in the interface configuration
Regarding 802.1X : The interface configuration is OK. Even if there is no information regarding the policies, the supplicant (which supports 802.1X (a notebook for instance)) can communicate with the Authenticator (the swich) using the 801.1X protocol. And thus, the answer C should be excluded.
The only answer which remains is B. And more precisely regarding the answer B : It is sure that "802.1X will work" but it is not that "the device will be allowed on the network" (because it depends on the Authentication as well as the Authorization (which are validated and authorized by the server (ISE))
D is correct as we don't know if the device "will be allowed" (i. e. options A, B, C).
Instead "ISE can use policy to determine the access level" = option D.
In this case, the new style of auth. configuration is used with "policy-map type control subscriber", which provides very wide range of parameters by which connected devices and their sessions can be matched and authenticated / authorized / denied. All types of authentication can be used - Dot1X, MAB, WebAuth.
Example:
policy-map type control subscriber CONCURRENT_DOT1X_MAB_WEBAUTH
event session-started match-all
10 class always do-until-failure
10 authenticate using mab priority 20
20 authenticate using dot1x priority 10
(rest ommited for brevity)
Reference: https://www.cisco.com/en/US/docs/ios-xml/ios/san/configuration/xe-3se/3850/san-cntrl-pol.html
This is the only correct answer. We are using IBNS2.0 here and it appears the default policy is in use so both MAB and .1x can be used. Source: I work with ISE & Switches everyday :)
Incorrect, mab command is not needed at the interface level.
policy-map type control subscriber TEST4
event session-started match-all
10 class always do-until-failure
10 authenticate using dot1x priority 10
20 authenticate using mab priority 20
event authentication-failure match-first
10 class DOT1X_FAILED do-until-failure
10 terminate dot1x
20 class MAB_FAILED do-until-failure
10 terminate mab
20 authenticate using dot1x priority 10
30 class DOT1X_NO_RESP do-until-failure
10 terminate dot1x
20 authentication-restart 60
40 class always do-until-failure
10 terminate mab
20 terminate dot1x
30 authentication-restart 60
event agent-found match-all
10 class always do-until-failure
10 terminate mab
20 authenticate using dot1x priority 10
event authentication-success match-all
10 class always do-until-failure
10 activate service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
!
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Tuxzinator
Highly Voted 2 years, 4 months agoBrahimMELLAL
Most Recent 4 months, 1 week agoDemon_Queen_Velverosa
9 months, 2 weeks agoPremium_Pils
8 months, 2 weeks agoKorndal
1 year agoKorndal
1 year agoF0rtyx40
1 year, 11 months agoums008
1 year, 12 months agoJessie45785
2 years, 1 month agojahax
2 years, 2 months agojahax
2 years, 2 months agoTthurston1
1 year agoJessie45785
2 years, 3 months agobmayer
2 years, 4 months agosiskusisko
2 years, 5 months agoEmlia1
2 years, 7 months agosis_net_sec
2 years, 8 months agoJamesy
2 years, 9 months agodarkor2
3 years agoNikoNiko
2 years, 12 months agouser_topic
2 months agoharvey227
2 years, 11 months agouser_topic
2 months agoharvey227
2 years, 11 months ago