Last Updated on August 1, 2021 by Admin 2
You have executed the following commands on switch A:
What is the result of executing the given commands? (Choose two.)
- Only the listed RADIUS server is used for authentication
- 802.1X authentication is enabled on the Fa0/1 interface only
- The key for the RADIUS server is firstKey111
- AAA is not enabled on the switch
A default list is used for the RADIUS server for authentication and the key for the RADIUS server is firstKey111. A RADIUS server combines the authentication and authorization processes. Before you configure the RADIUS server, you should enable AAA by using the aaa new-model command in the global configuration mode. Then, you can specify the location of the RADIUS server and the key using the radius-server host command. In this case, the RADIUS server is located at the IP address 192.168.105.67 and requires the key firstKey111 as the encryption key. This key must be mutually agreed upon by the server and the clients.
The aaa authentication dot1x default group radius command creates a method list for 802.1X authentication. The default group radius keywords specify that the default method will be to use all listed RADIUS servers to authenticate clients. Since only one is listed, it will be the only one used.
It is incorrect to state that 802.1X authentication is enabled on the Fa0/1 interface only. The interface range Fa 0/1 – 11 and the dot1x port-control auto commands specify that 802.1X authentication is enabled on the interfaces Fa0/1 to Fa0/11.
It is incorrect to stat that AAA is not enabled on the switch. The aaa new-model command enables AAA globally on the switch.
Describe device security using Cisco IOS AAA with TACACS+ and RADIUS