Page 693 Study Guide After you set the limit, the port begins tracking MAC addresses and defines the authorization status and settings for each separately. For example, in the scenario with the computer and VoIP phone, the switch port sends an EAP Request/Identity to each separate MAC address detected on the port. If the VoIP phone authenticates successfully, but the computer fails, the computer traffic is blocked. [Aruba Networks]

if you want the computer and IP phone to authenticate separately so that an unauthorized user cannot piggyback on the IP phone’s session. Make sure to set the 802.1X client-limit to 2 so that the port operates in user-mode and authenticates each device separately. what is the meaning in A, fallback mode, just combine the MAC-Auth and 802.1X, not fallback

The default for client-limit is 1 "Command specifies the maximum number of clients. Default: 1. Range: 1 to 32 (6200). 1 to 256 (6300, 6400)." Therefore this needs to be change C is correct

If B refers to MAC authentication, I would chose this, else A. Why I do not believe the answer to be C: the question says: "Some devices support no form of authentication, and some support 802.1X. Some ports have a VoIP phone and a PC connected to the same port," There are devices who support 802.1X and some no authentication at all, which leaves MAC auth as only possibility - or bypassing 802.1X (fallback)

fallback mode if for the radius part; client limit is for multiple authent on one port (ie phone + pc) From doc : aaa port-access authenticator <port-list> client-limit <1-32> Used after executing aaa port-access authenticator <port-list> to convert authentication from port-based to user-based. Specifies user-based 802.1X authentication and the maximum number of 802.1X-authenticated client sessions allowed on each of the ports in <port-list>. If a port currently has no authenticated client sessions, the next authenticated client session the port accepts determines the untagged VLAN membership to which the port is assigned during the session. If another client session begins later on the same port while an earlier session is active, the later session will be on the same untagged VLAN membership as the earlier session.

C - absolutely correct

Correct answer is C

Pretty sure both A and C are necessary here.

C - absolutely correct

the correct Answer is C

C is correct page 306 user guide

I think the answer is C. we need to chnage the client device limit . A is not correct because VOIP device is not for 802.1X