Which of the following command sequences should you issue on SwitchA? (Select the best answer.)

Last Updated on August 7, 2021 by Admin 3

You are configuring 802.1X authentication on the FastEthernet 0/1 port on a switch named SwitchA. You want to ensure that any hosts connected to the port are authenticated by using 802.1X before the hosts can transmit data through the switch.

Which of the following command sequences should you issue on SwitchA? (Select the best answer.)

  • SwitchA#configure terminal
    SwitchA(config)#aaa new-model
    SwitchA(config)#aaa authentication dot1x default group radius
    SwitchA(config)#dot1x system-auth-control
    SwitchA(config)#interface fastethernet 0/1
    SwitchA(config-if)#dot1x port-control force-authorized
  • SwitchA#configure terminal
    SwitchA(config)#aaa new-model
    SwitchA(config)#aaa authentication dot1x default group radius
    SwitchA(config)#dot1x system-auth-control
    SwitchA(config)#interface fastethernet 0/1
    SwitchA(config-if)#dot1x port-control force-unauthorized
  • SwitchA#configure terminal
    SwitchA(config)#aaa new-model
    SwitchA(config)#aaa authentication dot1x default group radius
    SwitchA(config)#dot1x system-auth-control
    SwitchA(config)#interface fastethernet 0/1
    SwitchA(config-if)#dot1x port-control auto
  • SwitchA#configure terminal
    SwitchA(config)#aaa new-model
    SwitchA(config)#aaa authentication dot1x default group radius
    SwitchA(config)#dot1x system-auth-control
    SwitchA(config)#interface fastethernet 0/1
    SwitchA(config-if)#dot1x port-control all
Explanation:
You should issue the following command sequence on SwitchA to ensure that hosts connected to the FastEthernet 0/1 port are authenticated by using 802.1X before the hosts are allowed to send traffic through the switch:

SwitchA#configure terminal
SwitchA(config)#aaa new-model
SwitchA(config)#aaa authentication dot1x default group radius
SwitchA(config)#dot1x system-auth-control
SwitchA(config)#interface fastethernet 0/1
SwitchA(config-if)#dot1x port-control auto

You can enable 802.1X port-based authentication on Cisco switches to ensure that only authenticated users can send traffic through the switch. Before a user is authenticated, the only traffic allowed through the switch port is Extensible Authentication Protocol over LANs (EAPOL), Spanning Tree Protocol (STP), and Cisco Discovery Protocol (CDP) traffic. This ensures that the host is not able to send traffic through the port until authentication occurs.
To configure 802.1X authentication on a switch, you should first enable Authentication, Authorization, and Accounting (AAA) authentication on the switch by issuing the aaa new-model command in global configuration mode. A Remote Authentication Dial-In User Service (RADIUS) server must exist on the network in order to support AAA authentication. After configuring AAA authentication on the switch, you should issue the aaa authentication dot1x default group radius command to configure the switch to use the RADIUS servers for authentication.
You should enable 802.1X on the switch after you have configured AAA authentication on the switch. You can enable 802.1X by issuing the dot1x system-auth-control command. This command globally enables 802.1X on the switch. You should then configure each interface that will use 802.1X. In this scenario, you want to configure interface FastEthernet 0/1, so you should issue the interface fastethernet 0/1 command to enter interface configuration mode. After entering interface configuration mode, you should issue the dot1x port-control {force-authorized | force-unauthorized | auto} command. The auto keyword enables 802.1X authentication on the port; consequently, the authentication process occurs between the switch and a connected host. If the host is configured with 802.1X authentication, the host will be authenticated and will be able to send traffic through the switch.
If the host is not configured with 802.1X authentication, the authentication process will fail and the host will be unable to send traffic through the port. The force-authorized keyword of the dot1x port-control command configures the port to authorize any host that connects to the port; no 802.1X authentication process will take place. Any host connected to the port will be able to send traffic through the switch. The force-unauthorized keyword configures the port to never allow authentication for a connected host. No authentication will take place, and the host will be unable to send traffic through the port.
The command sequence that contains the dot1x port-control all command does not configure 802.1X authentication on the FastEthernet 0/1 port on SwitchA. The dot1x port-control command does not include an all parameter. Issuing this command would result in an error being displayed.
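
An added example (not part of the original page): a Python check that reads a saved running-config and reports which of the three global commands described above are missing, plus every interface whose dot1x port-control mode is anything other than auto. The sample configuration and the function name audit_dot1x are constructed for illustration, and only the command syntax shown on this page is recognized.

```python
import re

# Constructed sample running-config (illustrative, not from the original page).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet0/1
 dot1x port-control auto
!
interface FastEthernet0/2
 dot1x port-control force-authorized
!
interface FastEthernet0/3
 switchport mode access
!
"""

REQUIRED_GLOBALS = (
    "aaa new-model",
    "aaa authentication dot1x default group radius",
    "dot1x system-auth-control",
)

def audit_dot1x(config_text):
    """Return (missing global commands, {interface: mode} for ports not in auto)."""
    lines = [ln.rstrip() for ln in config_text.splitlines()]
    # Global commands are the unindented lines of the configuration.
    top_level = {ln for ln in lines if ln and not ln.startswith(" ")}
    missing = [cmd for cmd in REQUIRED_GLOBALS if cmd not in top_level]
    modes, current = {}, None
    for ln in lines:
        m = re.match(r"interface (\S+)", ln)
        if m:
            current = m.group(1)
            modes[current] = "not set"      # until a port-control line is seen
        elif not ln.startswith(" "):
            current = None                  # "!" or a global command ends the block
        elif current:
            pc = re.match(r"\s+dot1x port-control (\S+)", ln)
            if pc:
                modes[current] = pc.group(1)
    not_auto = {name: mode for name, mode in modes.items() if mode != "auto"}
    return missing, not_auto

if __name__ == "__main__":
    missing, not_auto = audit_dot1x(SAMPLE_CONFIG)
    print("missing global commands:", missing)
    print("interfaces not in auto mode:", not_auto)
```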
