An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?
The question says configure dot1x but not globally. Everything else refers to the port so that means dot1x pae authenticator. It doesn't make sense to configure the port before your global settings.
Answer is B
i have configured port based-authentication without "dot1x system-auth-control" enabled globally . so referring to the question "needs to configure 802.1X" means the global level
B is my choice-- It is configured in global config to enable 802.1X feature. C & D are interface level configs--theoretically configured already. A is optional method list; Auth method and be defined by a default method list as well:
The question specifically asks for the command to use for configuring 802.1X with port-based authentication. While "aaa authentication dot1x default group radius" is a valid command for configuring 802.1X authentication, it does not address the port-based aspect of the configuration. "Authentication port-control auto" is also not specifically related to 802.1X authentication. "dot1x system-auth-control" is a valid command for configuring 802.1X, but it does not specifically address the port-based aspect of the configuration either. "dot1x pae authenticator" is the most appropriate command for configuring 802.1X with port-based authentication, as it enables the switch to function as an authenticator for port-based 802.1X authentication.
I believe B is the correct answer. However, A is also required for dot1x.
The question states that the port settings are configured, so that eliminates C & D.
Port settings are already configured so I think they want this to be the command to enable it globally on the switch, therefore B. I can confirm it is possible to do this as I did it recently
It say Port settings are configerd. I think if dot1x is globbally not enabled with dot1x system-auth-control you cann't configure the port for 802.1x
Can somebody test, if you can or cannot configure the port for 802.1x withot enabling globally and react here. Thanks in advance
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x-pba.html#GUID-B1C1F75B-45CF-4CA3-A833-43D7C6986249
How to Configure IEEE 802.1X Port-Based Authentication
Enabling IEEE 802.1X Authentication and Authorization
SUMMARY STEPS
1. enable
2. configure terminal
3. aaa new-model
4. aaa authentication dot1x {default | listname} method1 [method2...]
5. dot1x system-auth-control
6. identity profile default
7. interface type slot/port
8. access-session port-control {auto | force-authorized | force-unauthorized}
9. dot1x pae [supplicant | authenticator | both]
CCNP book chapter 11:
Step 1. Enable authentication, authorization, and accounting on the access switch(es)
by entering the following command:
C3560X(config)# aaa new-model
An authentication method is required to tell the switch which group of
RADIUS servers to use for 802.1X authentication requests.
Step 2. Create an authentication method for 802.1X by entering the following
command:
C3560X(config)# aaa authentication dot1x default group
radius
Step 3. Create an authorization method for 802.1X by entering the following command:
C3560X(config)# aaa authorization network default group
radius
Step 4. Create an accounting method for 802.1X by entering the following command:
C3560X(config)# aaa accounting dot1x default start-stop
group radius
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
daftnerd
2 weeks, 1 day agoYouki82
3 months, 2 weeks agoLeogxn
5 months, 3 weeks agoTHEODORABLE
8 months agozsrite
10 months, 2 weeks agoLeogxn
5 months, 3 weeks agotliz
11 months, 1 week agoRuss
1 year, 1 month agotururu1496
1 year, 2 months agoiceise
1 year, 2 months agoiceise
1 year, 2 months agokingsalah1982
1 year, 2 months ago