PrepAway - Latest Free Exam Questions & Answers

Which of the following VLAN types can you specify as an…

You want to use the authentication event no-response action authorize vlan 101 command to ensure that
network devices incapable of using 802.1X authentication are automatically placed into VLAN 101, which is the
guest VLAN.
Which of the following VLAN types can you specify as an 802.1X guest VLAN? (Select the best answer.)

A. a primary private VLAN

B. a secondary private VLAN

C. a voice VLAN

D. an RSPAN VLAN

Explanation:
Of the choices available, you can configure a secondary private virtual LAN (VLAN) as an 802.1X guest VLAN
with the authentication event no-response action authorize vlan 101 command. The authentication event
no-response action authorize vlan command specifies the VLAN into which a switch should place a port if it does
not receive a response to the 802.1X Extensible Authentication Protocol over LAN (EAPoL) messages it sends
on that port. The VLAN ID must be a number from 1 through 4094. The VLAN ID can specify any active VLAN
except for a Remote Switch Port Analyzer (RSPAN) VLAN, a primary private VLAN, or a voice VLAN. In
addition, a guest VLAN can be configured only on access ports, not on routed ports or trunk ports.

When a guest VLAN is configured, the switch will grant non-802.1X-capable clients access to the guest VLAN;
however, if an 802.1X-capable device is detected, the switch will place the port into an unauthorized state and
will deny access to all devices on the port. You can use the authentication event fail action command to specify
how the switch should react if an 802.1X client is detected and the client fails to authenticate. There are two
configurable parameters: next-method and authorize vlan vlan-id. The authorize vlan vlan-id parameter configures a
restricted VLAN, which is functionally similar to the guest VLAN. The next-method parameter configures the
switch to attempt authentication by using the next authentication method specified in the authentication order
command. For example, if the authentication order dot1x mab webauth command has been configured and
802.1X authentication fails, the switch will attempt to use Media Access Control (MAC) Authentication Bypass
(MAB) to authenticate the client based on its MAC address; if MAB fails, the switch will attempt web-based
authentication. If the next-method parameter is configured, the switch will indefinitely cycle through
authentication methods unless Web Authentication (WebAuth) is configured. If WebAuth is configured, the
authentication process will not loop back to other authentication methods and the switch will ignore EAPoL
messages on the port.

Cisco: Configuring IEEE 802.1x Port-Based Authentication: Configuring a Guest VLAN
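
The guest VLAN constraints in the explanation above (ID from 1 through 4094, no RSPAN, primary private or voice VLAN, access ports only) can be checked against a switch configuration. The Python below is an added example, not part of the original page or of Cisco's documentation; the sample configuration is constructed, and the check assumes that access ports carry an explicit switchport mode access line and that any VLAN named in a switchport voice vlan line counts as a voice VLAN.

```python
import re

# Constructed sample in Cisco IOS syntax; VLAN IDs and interface names are made up.
SAMPLE = """\
vlan 100
 private-vlan primary
vlan 101
 private-vlan isolated
vlan 900
 remote-span
interface GigabitEthernet1/0/1
 switchport mode access
 switchport voice vlan 110
 authentication event no-response action authorize vlan 101
interface GigabitEthernet1/0/2
 switchport mode access
 authentication event no-response action authorize vlan 900
interface GigabitEthernet1/0/3
 switchport mode trunk
 authentication event no-response action authorize vlan 110
"""
GUEST = re.compile(r"authentication event no-response action authorize vlan (\d+)")
VOICE = re.compile(r"switchport voice vlan (\d+)")

def audit_guest_vlans(config):
    """Return {interface: [reasons the guest VLAN is not allowed]}; empty list means OK."""
    sections, body = {}, None
    for raw in config.splitlines():  # group indented lines under their section header
        if raw[:1] not in ("", " ", "!"):
            body = sections.setdefault(raw.strip(), [])
        elif body is not None and raw.strip() not in ("", "!"):
            body.append(raw.strip())
    banned = {}  # VLAN ID -> excluded VLAN type named in the explanation
    excluded = {"remote-span": "RSPAN VLAN", "private-vlan primary": "primary private VLAN"}
    for head, body in sections.items():
        for keyword, why in excluded.items():
            if head.startswith("vlan ") and keyword in body:
                banned[int(head.split()[1])] = why
        for m in filter(None, map(VOICE.fullmatch, body)):
            banned[int(m.group(1))] = "voice VLAN"
    findings = {}
    for head, body in sections.items():
        for m in filter(None, map(GUEST.fullmatch, body)):
            vid = int(m.group(1))
            problems = [] if 1 <= vid <= 4094 else ["VLAN ID outside 1-4094"]
            problems += [banned[vid]] if vid in banned else []
            problems += [] if "switchport mode access" in body else ["not an access port"]
            findings[head.split()[1]] = problems
    return findings
```

In the sample, VLAN 101 is a secondary (isolated) private VLAN and passes, while the RSPAN VLAN and the voice VLAN on a trunk port are reported.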