PrepAway - Latest Free Exam Questions & Answers

which three protocols are allowed through the switch port before authentication takes place?

In the use of 802.1X access control, which three protocols are allowed through the switch
port before authentication takes place? Select three.

A. Configure only trusted interfaces with root guard.

B. Implement private VLANs (PVLANs) to carry only user traffic.

C. Implement private VLANs (PVLANs) to carry only DHCP traffic.

D. Configure only untrusted interfaces with root guard.

E. Configure DHCP spoofing on all ports that connect untrusted clients.

F. Configure DHCP snooping only on ports that connect trusted DHCP servers.

G. None of the other alternatives apply

Explanation:
The IEEE 802.1X standard defines a port-based access control and authentication protocol that prevents unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The authentication server authenticates each workstation connected to a switch port before any services offered by the switch or the LAN are made available. Until the workstation is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is connected. After authentication succeeds, normal traffic can pass through the port.

The authentication server performs the actual authentication of the client. It validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server version 3.0. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.

Spanning-Tree Protocol (STP) is a Layer 2 protocol that uses a special-purpose algorithm to discover physical loops in a network and build a logical loop-free topology. STP creates a loop-free tree structure of leaves and branches that spans the entire Layer 2 network. (The mechanics of how bridges communicate and how the STP algorithm works are covered at length in the following topics.) Note that the terms bridge and switch are used interchangeably when discussing STP, and, unless otherwise indicated, connections between switches are assumed to be trunks.

CDP is a Cisco proprietary protocol that operates at the Data Link layer. Because it operates at Layer 2, CDP works regardless of the Physical layer media in use (UTP, fiber, and so on) and of the Network layer routed protocols in use (IP, IPX, AppleTalk, and so on). CDP is enabled on all Cisco devices by default and is multicast every 60 seconds out of all functioning interfaces, enabling neighboring Cisco devices to collect information about each other. Although this is a multicast message, Cisco switches do not flood it to all their neighbors as they would a normal multicast or broadcast.

Therefore STP, CDP and EAP over LAN (EAPOL) are the three protocols allowed through the port before authentication.
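As an added illustration (not part of the PrepAway page and not Cisco code), the Python below models the pre-authentication filter such a port applies: it parses the Ethernet header of a raw frame and lets through only EAPOL (EtherType 0x888E), STP BPDUs (sent to 01:80:C2:00:00:00 over LLC SAP 0x42) and CDP (sent to 01:00:0C:CC:CC:CC over SNAP with the Cisco OUI 00:00:0C and protocol ID 0x2000). The sample frames and the function names are the example's own constructions.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
STP_DST = bytes.fromhex("0180c2000000")   # IEEE 802.1D bridge group address
CDP_DST = bytes.fromhex("01000ccccccc")   # Cisco multicast address used by CDP
CDP_SNAP = bytes.fromhex("aaaa03" "00000c" "2000")  # LLC SNAP + Cisco OUI + CDP


def classify_frame(frame: bytes) -> str:
    """Name the protocol an unauthenticated 802.1X port still forwards
    ('EAPOL', 'STP' or 'CDP'); anything else is 'BLOCKED'."""
    if len(frame) < 14:
        return "BLOCKED"
    dst = frame[0:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == EAPOL_ETHERTYPE:
        return "EAPOL"
    if ethertype > 1500:            # Ethernet II payload (IP, ARP, ...)
        return "BLOCKED"
    # IEEE 802.3 frame: the field is a length and an LLC header follows
    if dst == STP_DST and frame[14:16] == b"\x42\x42":
        return "STP"
    if dst == CDP_DST and frame[14:22] == CDP_SNAP:
        return "CDP"
    return "BLOCKED"


def port_allows(frame: bytes, authenticated: bool) -> bool:
    """Port decision: everything passes once the supplicant is authenticated;
    before that only the three control protocols pass."""
    return authenticated or classify_frame(frame) != "BLOCKED"


# Constructed sample frames (header plus a minimal payload), hypothetical supplicant MAC
SRC = bytes.fromhex("001122334455")
EAPOL_START = bytes.fromhex("0180c2000003") + SRC + b"\x88\x8e" + b"\x01\x01\x00\x00"
STP_BPDU = STP_DST + SRC + b"\x00\x26" + b"\x42\x42\x03" + bytes(35)
CDP_HELLO = CDP_DST + SRC + b"\x00\x20" + CDP_SNAP + b"\x02\xb4\x00\x00"
ARP_REQ = b"\xff" * 6 + SRC + b"\x08\x06" + bytes(28)

if __name__ == "__main__":
    for name, f in [("EAPOL", EAPOL_START), ("STP", STP_BPDU),
                    ("CDP", CDP_HELLO), ("ARP", ARP_REQ)]:
        print(name, classify_frame(f), port_allows(f, authenticated=False))
```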

5 Comments on “which three protocols are allowed through the switch port before authentication takes place?”

  1. Cisco Jedi says:

    Choice E makes no sense “Configure DHCP spoofing on all ports that connect untrusted clients”

    You do not configure DHCP spooFing as that is the type of attack. You configure DHCP snooPing to PREVENT DHCP spooFing
