bundle

50%

You are here: Home > Cisco Exam Questions > 300-420 > What command disables 802.1x authentication on a port and permits traffic without authentication?

PrepAway - Latest Free Exam Questions & Answers

What command disables 802.1x authentication on a port and permits traffic without authentication?

adminMarch 2, 2020

What command disables 802.1x authentication on a port and permits traffic without authentication?

A. dot1x port-control disable
B. dot1x port-control force-unauthorized
C. dot1x port-control auto

D. dot1x port-control force-authorized

Explanation:

The command dot1x port-control force-authorized is used to disable 802.1x on a port and permit traffic without authentication. Dot1x ports are in one of two states, authorized or unauthorized. Authorized ports permit user traffic to flow through the port. This state usually follows successful authentication. Unauthorized ports only permit authorization traffic to flow through the port. Usually a port begins in the unauthorized state. A user is then allowed to exchange AAA authentication traffic with the port. Once the user has been authenticated successfully, the port is changed to the authorized state and the user is permitted to use the port normally.

Normal use of 802.1x has the port configured with the dot1x port-control auto statement. This places the port in the unauthorized state until successful authentication. After successful authentication, the port is changed to the authorized state.

When 802.1x is initially configured, the default port control of the ports is force-authorized. This forces the port to be in the authorized state without successful authentication. This setting disables the need for authentication and permits all traffic.

The force-unauthorized keyword configures the port as an unauthorized port regardless of authentication traffic. A port configured with this key word would not permit user traffic, not even authentication traffic.

The command dot1x port-control disable is not a valid command due to incorrect syntax.

Objective:
Infrastructure Security
Sub-Objective:
Describe device security using Cisco IOS AAA with TACACS+ and RADIUS

References:
Cisco > Catalyst 6500 Series Release 15.0SY Software Configuration Guide > Security > IEEE 802.1X Port-Based Authentication
Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > aaa accounting dot1x default start-stop group radius through instance > dot1x port-control
Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > aaa accounting dot1x default start-stop group radius through instance > dot1x port-control

Leave a Reply Cancel reply

You must be logged in to post a comment.

Move Up