There is no MAB in the config. So any question with MAB working is false. D is fasle.
Dot1x config is correct.
As there is no info that the client is misconfigured it is B
i not sure about this,
but since the authentication port-control auto is not configed on the switch then no authentication will be forced on that case, and the device will get connected.
It could be true, however, on the catalyst switch (9300) I work with, no shutdown is not displayed by show run int ... . Only shutdown would be displayed. If we do not see anything like that then the no shutdown has been applied.
C its so Easy. The config is missing "dot1x pae authenticatior" so 802.1x will not work. MAB also will not work since interface is missing mac auth config
I will go with A:
In the given configuration, the line "dot1x pae authenticator" is present. This command enables the switch interface to act as an authenticator for 802.1X authentication. However, the configuration does not include any specific 802.1X authentication settings such as the EAP (Extensible Authentication Protocol) method or RADIUS server information.
Additionally, the line "switchport mode voice vlan 44" indicates that the interface is configured to use a Voice VLAN. This suggests that the device connecting to this port might be a VoIP phone, which typically uses MAB for authentication rather than 802.1X.
Therefore, when this device tries to connect to the port, 802.1X authentication will not work because it is not configured properly. However, since MAB is enabled by default when 802.1X fails, MAB will start and allow the device on the network.
... ok after rethinking this question I need your help guys
WHAT DEVICE - this question make no sense, what do they mean a PC, Printer, Phone, Access Point,
I dont get it??
Looks like something is missing in the question.
"What will occur when this device" - what is this device?
authentication port-control auto is missing from the config so it will not be forced by switch to initiate authentication = device will be just put to access vlan, in fact MAB is not cofnigured for authenticaiton, but device while not being asked, will present itself with MAC and just be allowed? I will vote for A
Looks like something is missing in the question.
"What will occur when this device" - what is this device?
authentication port-control auto is missing from the config so it will not be forced by switch to initiate authentication = device will be just put to access vlan, in fact MAB is not cofnigured for authenticaiton, but device while not being asked, will present itself with MAC and just be allowed? I will vote for A
The "authentication port-control auto" command is not missing :)
The "access-session port-control auto" command instructs the switch port to rely on 802.1X authentication for access control. Devices need to successfully authenticate to gain access, and the switch automatically grants access upon successful authentication.
look at the description on the port, it says dot1x port. Leading me to believe that B is the correct answer. The device (workstation) will be allowed on the network.
Hello, maybe I'm wrong but :
- A and D are wrong answers because "mab" is missing in the interface configuration
Regarding 802.1X : The interface configuration is OK. Even if there is no information regarding the policies, the supplicant (which supports 802.1X (a notebook for instance)) can communicate with the Authenticator (the swich) using the 801.1X protocol. And thus, the answer C should be excluded.
The only answer which remains is B. And more precisely regarding the answer B : It is sure that "802.1X will work" but it is not that "the device will be allowed on the network" (because it depends on the Authentication as well as the Authorization (which are validated and authorized by the server (ISE))
D is correct as we don't know if the device "will be allowed" (i. e. options A, B, C).
Instead "ISE can use policy to determine the access level" = option D.
In this case, the new style of auth. configuration is used with "policy-map type control subscriber", which provides very wide range of parameters by which connected devices and their sessions can be matched and authenticated / authorized / denied. All types of authentication can be used - Dot1X, MAB, WebAuth.
Example:
policy-map type control subscriber CONCURRENT_DOT1X_MAB_WEBAUTH
event session-started match-all
10 class always do-until-failure
10 authenticate using mab priority 20
20 authenticate using dot1x priority 10
(rest ommited for brevity)
Reference: https://www.cisco.com/en/US/docs/ios-xml/ios/san/configuration/xe-3se/3850/san-cntrl-pol.html
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Tuxzinator
Highly Voted 2 years, 2 months agoBrahimMELLAL
Most Recent 2 months agoDemon_Queen_Velverosa
7 months, 1 week agoPremium_Pils
6 months, 2 weeks agoKorndal
10 months agoKorndal
10 months agoF0rtyx40
1 year, 9 months agoums008
1 year, 9 months agoJessie45785
1 year, 11 months agojahax
2 years agojahax
2 years agoTthurston1
10 months, 1 week agoJessie45785
2 years agobmayer
2 years, 2 months agosiskusisko
2 years, 3 months agoEmlia1
2 years, 4 months agosis_net_sec
2 years, 6 months agoJamesy
2 years, 7 months agodarkor2
2 years, 10 months agoNikoNiko
2 years, 9 months agoharvey227
2 years, 8 months agoharvey227
2 years, 8 months ago