Exam 400-101 Question id=1149 Infrastructure Security

Which of the following statements are correct regarding 802.1X port-based authentication?

A. Before authentication occurs, only DHCP traffic is allowed through a port that is configured for 802.1X authentication.
B. Before authentication occurs, only EAPOL, STP, and CDP traffic is allowed on a port that is configured for 802.1X authentication.
C. If a host is configured to use 802.1X but a switch is not, the host will be unable to communicate on the network.
D. If a switch is configured to use 802.1X but a host is not, the host will be unable to communicate on the network.
E. Multiple hosts can be connected to a port that is configured for 802.1X authentication.
F. Only one host can be connected to a port that is configured for 802.1X authentication.

Of the available choices, the following statements are correct regarding 802.1X port-based authentication:
- Before authentication occurs, only Extensible Authentication Protocol over LANs (EAPOL), Spanning Tree Protocol (STP), and Cisco Discovery Protocol (CDP) traffic is allowed on a port that is configured for 802.1X authentication.
- If a switch is configured to use 802.1X but a host is not, no communication will take place.
- Multiple hosts can be connected to a port that is configured for 802.1X authentication.

Port-based authentication that uses the Institute of Electrical and Electronics Engineers (IEEE) 802.1X standard can be used on Cisco switches to ensure that only authenticated users are able to send traffic through the switch. Before authentication occurs, the only traffic that the port allows is EAPOL traffic, STP traffic, and CDP traffic. This ensures that a host connected to the port is authenticated before any other traffic is allowed through the port. The use of 802.1X authentication requires that both the host and the switch be configured for 802.1X. If the host is configured for 802.1X but the switch is not, the host can communicate with the switch but 802.1X authentication will not be used. However, if the switch is configured for 802.1X but the host is not, the host will be unable to send traffic through the switch; the port will remain in the unauthorized state.

Dynamic Host Configuration Protocol (DHCP) traffic is not allowed through a port that is configured for 802.1X authentication before authentication occurs. A host connected to a switch port that is configured for 802.1X authentication can only communicate with the switch in order to authenticate with the switch. After authentication occurs, the host can request an IP address from a DHCP server.

You can connect more than one host to a port that is configured for 802.1X authentication. For example, if multiple hosts are connected to a hub or a switch, you can connect the hub or switch to a port that is configured for 802.1X authentication. To configure the port to accept connections from multiple hosts, you should issue the dot1x host-mode multi-host command on the interface to which the hub or switch will be connected.
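
The pre-authentication rule explained above (EAPOL, STP and CDP pass; DHCP does not) can be modelled as a frame classifier. This is an added example, not part of the original page and not switch code: the function names and sample frames are constructed for illustration, and untagged Ethernet frames without an FCS are assumed.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                          # IEEE 802.1X
STP_LLC = bytes.fromhex("424203")                 # LLC DSAP/SSAP 0x42, UI
CDP_LLC_SNAP = bytes.fromhex("aaaa0300000c2000")  # SNAP, Cisco OUI, PID 0x2000
PRE_AUTH_ALLOWED = {"EAPOL", "STP", "CDP"}        # the set stated on this page

def classify(frame: bytes) -> str:
    """Name the protocol carried by an untagged Ethernet frame (no FCS)."""
    if len(frame) < 14:
        return "malformed"
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if type_or_len == EAPOL_ETHERTYPE:
        return "EAPOL"
    if type_or_len <= 1500:                       # 802.3 length: LLC follows
        if payload.startswith(STP_LLC):
            return "STP"
        if payload.startswith(CDP_LLC_SNAP):
            return "CDP"
    if type_or_len == 0x0800 and len(payload) >= 20 and payload[9] == 17:
        ihl = (payload[0] & 0x0F) * 4             # IPv4 header length in bytes
        if len(payload) >= ihl + 4:
            sport, dport = struct.unpack("!HH", payload[ihl:ihl + 4])
            if {sport, dport} <= {67, 68}:        # BOOTP/DHCP client and server
                return "DHCP"
    return "other"

def allowed_before_auth(frame: bytes) -> bool:
    """True if the modelled unauthorized port would pass this frame."""
    return classify(frame) in PRE_AUTH_ALLOWED

def eth(dst: str, type_or_len: int, payload: bytes) -> bytes:  # made-up src MAC
    return bytes.fromhex(dst + "020000000001") + struct.pack("!H", type_or_len) + payload

# Constructed sample frames (not captured traffic).
STP_BODY = STP_LLC + bytes(35)
CDP_BODY = CDP_LLC_SNAP + bytes.fromhex("02b40000")
DHCP_BODY = bytes.fromhex("4500001c000000004011000000000000ffffffff0044004300080000")
SAMPLES = {
    "eapol_start": eth("0180c2000003", EAPOL_ETHERTYPE, bytes.fromhex("01010000")),
    "stp_bpdu": eth("0180c2000000", len(STP_BODY), STP_BODY),
    "cdp": eth("01000ccccccc", len(CDP_BODY), CDP_BODY),
    "dhcp_discover": eth("ffffffffffff", 0x0800, DHCP_BODY),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:14} {classify(frame):6} pass={allowed_before_auth(frame)}")
```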