PrepAway - Latest Free Exam Questions & Answers

Which of the following statements is true regarding the dot1x system-auth-control command?

A. It enables 802.1X authentication on a single interface.

B. It is used to prepare a single port to accept traffic from multiple hosts.

C. It restores the default 802.1X parameters on the device.

D. It enables 802.1X authentication globally.

Explanation:
The dot1x system-auth-control command enables 802.1X authentication globally on a switch. The 802.1X standard is a port-based authentication method defined by the Institute of Electrical and Electronics Engineers (IEEE). Devices that are connected to 802.1X-enabled ports must first be authenticated by an authentication server that resides on the local network. Authentication requests are relayed from the client to the authentication server through an authenticator. The authenticator is used to accept authentication credentials, which are then relayed to the authentication server. Once authentication has been approved, a response is sent back to the authenticator and physical access is allowed to the requesting client. Before you can configure individual ports to use 802.1X authentication, you must first enable 802.1X across the entire platform.

The dot1x system-auth-control command does not enable 802.1X authentication on a single interface. Instead, the authentication port-control command is used to enable 802.1X authentication on a single interface. This command can be configured to use one of three modes: auto, force-authorized, or force-unauthorized. When the auto keyword is used, any device connected to the port must undergo the authorization process before gaining access to the network. When the force-authorized keyword is used, any device connected to an 802.1X-enabled port is automatically authorized and granted access to the network. Conversely, when the force-unauthorized keyword is used, any connected device is automatically treated as unauthorized and denied access to the network.

The dot1x system-auth-control command does not prepare a single port to accept traffic from multiple hosts. Instead, the authentication host-mode multi-host command is used to prepare a single port to accept traffic from multiple hosts. This command should be used on 802.1X-enabled ports that are connected to a network device, such as a hub, that could be used to connect multiple devices. When multihost mode is used, the first device to use the port must be authenticated. After the initial device is authenticated, any additional device that is using the port will be allowed network access. This command requires that the authentication port-control auto command be issued first.

The dot1x system-auth-control command does not restore the default 802.1X parameters on a device. Instead, the dot1x default command is used to restore the default 802.1X parameters on a device. This command can be issued from global configuration mode or from interface configuration mode. After issuing this command, you can verify the 802.1X authentication parameters by issuing the show dot1x command.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-d2.html#wp1782812608
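
An added example, not part of the original explanation or of Cisco's documentation: a small Python audit that reads an IOS-style configuration and flags the command relationships described above (port-control auto without global enablement, force-authorized ports, and multi-host with or without port-control auto). The sample configuration, interface names, function names and finding texts are constructed for illustration, and the parser assumes sub-commands are indented under their interface line.

```python
# Constructed sample config for illustration; not from a real device.
SAMPLE_CONFIG = """\
dot1x system-auth-control
interface GigabitEthernet0/1
 authentication port-control auto
interface GigabitEthernet0/2
 authentication host-mode multi-host
interface GigabitEthernet0/3
 authentication port-control force-authorized
interface GigabitEthernet0/4
 authentication port-control auto
 authentication host-mode multi-host
"""
PREFIX = "authentication port-control "

def parse_config(text):
    """Split IOS-style config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)          # indented: belongs to the interface
        else:
            current = None                # unindented: global configuration
            global_lines.append(line)
    return global_lines, interfaces

def audit_dot1x(text):
    """Return sorted (interface, finding) pairs for the cases explained above."""
    global_lines, interfaces = parse_config(text)
    enabled = "dot1x system-auth-control" in global_lines  # exact match, so a "no" form fails
    findings = []
    for name, cmds in interfaces.items():
        mode = next((c[len(PREFIX):] for c in cmds if c.startswith(PREFIX)), None)
        if mode == "auto" and not enabled:
            findings.append((name, "auto set, but 802.1X is not enabled globally"))
        if mode == "force-authorized":
            findings.append((name, "force-authorized admits devices without authentication"))
        if "authentication host-mode multi-host" in cmds:
            verdict = "only the first device is authenticated" if mode == "auto" else "port-control auto is missing"
            findings.append((name, "multi-host: " + verdict))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_dot1x(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
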

