where must 802.1X be configured in order to connect a PC to a switch?

In order to enhance security on the Company network, users must be authenticated using
802.1X. When authentication is required, where must 802.1X be configured in order to
connect a PC to a switch?

In order to enhance security on the Company network, users must be authenticated using
802.1X. When authentication is required, where must 802.1X be configured in order to
connect a PC to a switch?

A.
Switch port and local router port

B.
Switch port, client PC, and authentication server

C.
Client PC only

D.
Switch port only

E.
None of the other alternatives apply

Explanation:
The IEEE 802.1x standard defines a port-based access control and authentication protocol
that restricts unauthorized workstations from connecting to a LAN through publicly
accessible switch ports. The authentication server authenticates each workstation that is
connected to a switch port before making available any services offered by the switch or the
LAN. Until the workstation is authenticated, 802.1x access control allows only Extensible
Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is
connected. After authentication succeeds, normal traffic can pass through the port.
With 802.1x port-based authentication, the devices in the network have specific roles, as
follows:
Client: The device (workstation) that requests access to the LAN and switch services, and
responds to requests from the switch. The workstation must be running 802.1x-compliant
client software, such as what is offered in the Microsoft Windows XP operating system. (The
port that the client is attached to is the supplicant [client] in the IEEE 802.1x specification.)
Authentication server: Performs the actual authentication of the client. The authentication
server validates the identity of the client and notifies the switch whether or not the client is
authorized to access the LAN and switch services. Because the switch acts as the proxy, the
authentication service is transparent to the client. The RADIUS security system with
Extensible Authentication Protocol (EAP) extensions is the only supported authentication
server.
Switch(also called the authenticator): Controls physical access to the network based on the
authentication status of the client. The switch acts as an intermediary (proxy) between the
client (supplicant) and the authentication server, requesting identifying information from the
client, verifying that information with the authentication server, and relaying a response to
the client. The switch uses a RADIUS software agent, which is responsible for encapsulating
and decapsulating the EAP frames and interacting with the authentication server.



Leave a Reply 0

Your email address will not be published. Required fields are marked *