A network architect has planned an 802.1X solution for a company with these requirements:
The solution authenticates employees who connect with wired connections.
The access layer switches are HP ProVision switches.
The core device is an HP Comware Intelligent Resilient Framework (IRF) virtual device.
The authentication server is HP IMC User Access Manager (UAM).
The company wants to keep this solution as it is but also allow the same ports to support guest
access. Instead of authenticating with 802.1X, guests should log in through a Web page hosted on
UAM.
Which solution meets this requirement?
A.
The ProVision switches do not implement authentication on their ports. The IRF virtual device
implements 802.1X and Web-Auth on the links that connect to the ProVision switches.
B.
The ProVision switches implement 802.1X and Web-Auth on the same ports. The switches
have Web pages downloaded on to them and enforce Web-Auth locally.
C.
The ProVision switches have a guest VLAN on the ports than enforce 802.1X. The guest VLAN
extends to the IRF virtual switch, which enforces Web-Auth to UAM on this VLAN.
D.
The ProVision switches implement hybrid ports for authentication. The switch port detects
whether a connected device belongs to an employee or guest and implements either 802.1X or
remote Web-Auth.
A – ProVision switches certainly DO implement authentication on ports, so… nope
B – Doesn’t meet the customer requirements of “guests should log in through a web page hosted on the UAM”
C – Correct. This is outlined in the study guide, chapter 8 (figure 10). It reads: Implement 802.1X on all edge switch ports. Configure switches to place guests who do not authenticate or fail authentication into the guest VLAN. Establish the core IRF virtual switch as the default router for the wired guest VLAN. Set up portal authentication to UAM on this VLAN.
D – Provision switches can perform Web authentication, 802.1X, and MAC authentication all one one switch, so there is no “hybrid port”
0
0
C. —
0
0