ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-701 All Questions

View all questions & answers for the 350-701 exam
Go to Exam

Exam 350-701 topic 1 question 144 discussion

Actual exam question from Cisco's 350-701
Question #: 144
Topic #: 1
[All 350-701 Questions]

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?

  • A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server.
  • B. The RADIUS authentication key is transmitted only from the defined RADIUS source interface.
  • C. RADIUS requests are generated only by a router if a RADIUS source interface is defined.
  • D. Encrypted RADIUS authentication requires the RADIUS source interface be defined.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Cyberops at May 19, 2022, 1:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
loser4fun
Highly Voted 1 year, 1 month ago
I would go with A When configuring AAA for network access control, the ip radius source-interface command is needed to specify the interface that the switch uses to send RADIUS requests to the server. The source interface is important because it determines the IP address that is used as the NAS-IP-Address attribute in the RADIUS packet. If the RADIUS server is configured to only accept requests that originate from a specific NAS IP address, then the switch must use that address as the source for its requests, or the authentication will fail. This is often the case in enterprise networks where strict access controls are in place. Therefore, the ip radius source-interface command is needed to ensure that the switch sends RADIUS requests from the correct IP address and that the RADIUS server will accept them. Without this command, the authentication may fail or be rejected by the RADIUS server.
upvoted 6 times
...
Ko13
Most Recent 5 months, 3 weeks ago
Selected Answer: A
The RADIUS NAS-IP-Address Attribute Configurability feature allows you to configure an arbitrary IP address to be used as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This feature may be used for situations in which service providers are using a cluster of small network access servers (NASs) to simulate a large NAS to improve scalability. This feature allows the NASs to behave as a single RADIUS client from the perspective of the RADIUS server. https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/12_2sba/feature/guide/sbsiara.html
upvoted 2 times
...
Tutsi
1 year, 10 months ago
Selected Answer: A
When the Radius policy is configured on the radius server, to prevent unauthorised devices from matching the policy, NAS IP can be specified within the policy. I do this configuration very often...
upvoted 2 times
...
Cyberops
1 year, 11 months ago
I would go with B. It says Network Access control not Server.
upvoted 1 times
Cyberops
1 year, 11 months ago
Not sure on this one. Couldn't delete my previous comment but i would have if i could.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago