Which protocol provides port-based access control and authentication?

A. 802.1X
B. 802.1W
C. 802.1P
D. 802.1Q

Suggested Answer: A

IEEE 802.1X provides port-based access control and authentication. IEEE 802.1X is a client-server based access control model. If IEEE 802.1X is enabled on a switch interface, the interface is in an unauthorized state until it is authenticated. Until the station is authenticated, the only protocols allowed through switch ports are:

- CDP
- STP
- EAP-over-LAN (EAPOL is the only type of traffic accepted from a station)

The supplicant PAE sends EAPOL packets that indicate its request for access through the switch to the LAN. The switch performs the authenticator role by processing the EAPOL packets from the port-attached supplicant PAE and forwarding an authentication request to the authentication server. The only supported authentication server is a Remote Access Dial-In User Server (RADIUS) server with EAP extensions.

The authentication server checks the identity of the client (the supplicant PAE) and will either accept or reject the request. If the server accepts the request, the port is authorized and the switch will send and receive all frames. If it fails, only EAPOL packets will continue to be processed. Once the client is finished with the connection, an EAPOL logoff is issued, and the switch port once again becomes unauthorized.

Below is a sample configuration to enable 802.1X authentication and enable it on an interface:

    switch(config)# aaa new-model
    switch(config)# aaa authentication dot1x default group radius
    switch(config)# dot1x system-auth-control
    switch(config-if)# dot1x port-control auto

802.1w is the standard for Rapid Spanning Tree Protocol (RSTP). It is not related to port-based access control and authentication.

802.1P is a method for assigning priority to packets traversing a network. It is not related to port-based access control and authentication.

802.1Q describes VLAN tagging. It is not related to port-based access control and authentication.

Objective: Infrastructure Security
Sub-Objective: Describe device security using Cisco IOS AAA with TACACS+ and RADIUS

References:

- Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > aaa accounting dot1x default start-stop group radius through instance > aaa accounting dot1x default start-stop group radius
- Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > aaa accounting dot1x default start-stop group radius through instance > dot1x port-control
- Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > aaa accounting dot1x default start-stop group radius through instance > dot1x system-auth-control
- Cisco > Cisco IOS Security Command Reference > aaa new-model

This question is in the 300-115 Implementing Cisco IP Switched Networks (SWITCH) Exam, for getting the Cisco Certified Network Professional (CCNP) Routing and Switching Certificate.

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Cisco. Trademarks, certification & product names are used for reference only and belong to Cisco. The website does not contain actual questions and answers from Cisco's Certification Exam.