Which of the following is true?

Your company’s Cisco ISE device and all of its supplicants support EAP-FASTv2. A user’s authentication fails.
However, the user’s device attempts to authenticate and succeeds.
Which of the following is true? (Select the best answer.)

A. The user will have no access.

B. The user will have restricted access.

C. The user will have full access.

D. The device will have full access but the user will have no access.

Explanation:
The user will have restricted access if user authentication to the Cisco Identity Services Engine (ISE) fails but
the user’s device authentication succeeds. Extensible Authentication Protocol (EAP)-Flexible
Authentication via Secure Tunneling (FAST) with EAP chaining, which is also sometimes called EAP-FAST
version 2 (EAP-FASTv2), enables the validation of both user and device credentials in a single EAP transaction.
EAP chaining enables a Cisco security device to validate authentication credentials for both a user and the
user’s device. In order to enable EAP chaining, both the Cisco security device and the supplicant device must
support EAP chaining.
The Cisco ISE will assign a different level of authorization access depending on one of four success and failure possibilities, as shown in the following table:

EAP-FAST is an authentication protocol that can be used for point-to-point connections and for both wired and
wireless links. The EAP-FAST authentication process consists of three phases. The first phase, which is
optional and is considered phase 0, consists of provisioning a client with a PAC, which is a digital credential that
is used for authentication. A PAC can be manually configured on a client, in which case phase 0 is not required.
The second phase, which is referred to as phase 1, involves creating a secure tunnel between the client and
the server. The final phase, which is referred to as phase 2, involves authenticating the client. If the client is
authenticated, the client will be able to access the network.

Cisco: Cisco Identity Services Engine Administrator Guide, Release 1.3: Simple Authentication Policy
Configuration Settings


