A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Any
device that fails authentication must be provided limited access through a VLAN called
NONAUTH. How do you provide this access?
Configure NONAUTH VLAN as the guest VLAN.
Configure NONAUTH VLAN as the server-reject VLAN.
Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN
Configure a separate VLAN for each type of user: 802.1X and non-802.1X.
3 Comments on “How do you provide this access?”
B is correct. The statement did not require access for non-802.1x devices, only for those who fail authentication.
Guest VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are not 802.1X enabled when MAC RADIUS authentication has not been configured on the switch interfaces to which the hosts are connected .
Server-reject VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are 802.1X enabled but have sent the wrong credentials.
Server-fail VLAN—Provides limited access to a LAN, typically just to the internet, for 802.1X end devices during a RADIUS server timeout.
Dynamic VLAN—Enables an end device, after authentication, to be a member of a VLAN dynamically.
Private VLAN—Enables configuration of 802.1X authentication on interfaces that are members of private VLANs (PVLANs).
C is right answer.
Besides, part of that new 80Q JN0-647 dumps FYI: