SIMULATION
The Secure‐X company has recently successfully tested the 802.1X authentication deployment using
the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is
connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM
802.1Xsupplicantto log in and connect to the network.
Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and have
it connect to the network. The network printer does not support 802.1X supplicant. The Fa0/19
switch port is now configured to use 802.1X authentication only.
To support this network printer, the Fa0/19 switch port configuration needs to be edited to enable
the network printer to authenticate using its MAC address. The network printer should also be on
VLAN 9.
Another network security engineer responsible for managing the Cisco ISE has already per‐
configured all the requirements on the Cisco ISE, including adding the network printer MAC address
to the Cisco ISE endpoint database and etc…
Your task in the simulation is to access the Cisco Catalyst Switch console then use the CLI to:
• Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer
using its MAC address and:
• Ensure that MAC address authentication processing is not delayed until 802.1Xfails
• Ensure that even if MAC address authentication passes, the switch will still perform 802.1X
authentication if requested by a 802.1X supplicant
• Use the required show command to verify the MAC address authentication on the Fa0/19 is
successful
The switch enable password is Cisco
For the purpose of the simulation, to test the network printer, assume the network printer will be
unplugged then plugged back into the Fa0/19 switch port after you have finished the required
configurations on the Fa0/19 switch port.
Note: For this simulation, you will not need and do not have access to the ISE GUI To access the
switch CLI, click the Switch icon in the topology diagram
Answer: See the explanation
Explanation:
Initial configuration for fa 0/19 that is already done:
AAA configuration has already been done for us. We need to configure mac address bypass on this
port to achieve the goal stated in the question. To do this we simply need to add this command
under the interface:mab
Then do a shut/no shut on the interface.
Verification:
you will also need to do these commands under the interface to meet the requirements of the question
. Ensure that MAC address authentication processing is not delayed until 802.1X fails
authentication order mab dot1x
• Ensure that even if MAC address authentication passes, the switch will still perform 802.1X authentication if requested by a 802.1X supplicant
authentication priority dot1x mab
• Use the required show command to verify the MAC address authentication on the Fa0/19 is successful
show authentication sessions interface fa0/19
Hi!
Have you written this exam ? and what was your experience?
configure terminal
!
!
interface fastethernet 0/9
mab
authentication order mab dot1x
authentication priority dot1x mab
shutdown
no shutdown
!
!
end
!
!
show authentication session interface fastethernet 0/9
!
!
Copy running-config startup-config
New 300-208 Exam Questions Have Been Updated Recently (4/Jan/2017):
NEW QUESTION 251
A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?
A. monitor mode
B. high-security mode
C. closed mode
D. low-impact mode
Answer: A
NEW QUESTION 252
Which three events immediately occur when a user clicks register on their device in a single- SSID BYOD onboarding registration process? (Choose three).
A. CA certificate is sent to the device from Cisco ISE
B. An endpoint is added to a Registered Devices identity group
C. RADIUS access request is sent to Cisco ISE
D. The profile service is sent to the device from Cisco ISE
E. DACL is sent to the device from Cisco ISE
F. BYOD registration flag is set by Cisco ISE
Answer: ABF
NEW QUESTION 253
A company wants to allow employees to register and manage their own devices that do not support NSP. Which portals enable this?
A. MDM portals
B. Client provisioning portals
C. My devices portals
D. BYOD Portals
Answer: C
NEW QUESTION 254
Which three options can be pushed from Cisco ISE server as part of a successful 802.1x authentication. (Choose three)
A. authentication order
B. posture status
C. authentication priority
D. vlan
E. DACL
F. reauthentication timer
Answer: DEF
NEW QUESTION 255
With which two appliance-based products can Cisco Prime infrastructure integrate to perform centralized management?
A. Cisco content security appliance
B. Cisco email security appliance
C. Cisco wireless location appliance
D. Cisco Mobility Services Engine
E. Cisco ISE
Answer: DE
NEW QUESTION 256
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two)
A. DHCP Snooping
B. 802.1AE MacSec
C. Port security
D. IP Device tracking
E. Dynamic ARP inspection
F. Private VLANs
Answer: AE
NEW QUESTION 257
Refer to exhibit, which statement about the authentication protocol used in the configuration is true?
aaa new model
tacacs-server host 1.1.1.1 single connection
tacas-server key cisco123
A. Authentication request contains username, encrypted password, NAS IP address, and port.
B. Authentication and authorization requests are sent in a single open connection between the network device and the TACACS+ server.
C. Authentication request contains username, password, NAS IP address and port.
D. Authentication and authorization request packets are grouped together in a single packet.
Answer: B
NEW QUESTION 258
Which option is the code field of n EAP packet?
A. one byte and 1=request, 2=response 3=failure 4=success
B. two byte and 1=request, 2=response, 3=success, 4=failure
C. two byte and 1=request 2=response 3=failure 4=success
D. one byte and 1=request 2=response 3=success 4=failure
Answer: D
NEW QUESTION 259
……
These New 300-208 Exam Questions Were Just Updated From The Actual 300-208 Exam, You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://www.passleader.com/300-208.html (275q VCE and PDF)
Good Luck!
And, you can download that new 275Q 300-208 dumps here:
https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ
Best Regards!
New 300-208 Exam Questions Updated Recently (1/Mar/2017):
NEW QUESTION 288
An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation. Which two versions of OS does the AnyConnect posture agent support? (Choose two.)
A. Google Android
B. Ubuntu
C. Apple Mac OS X
D. Microsoft Windows
E. Red Hat Enterprise Linux
Answer: C
NEW QUESTION 289
Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?
A. tacacs-server host timeout
B. tacacs-server host single-connection
C. tacacs-server host
D. tacacs-server host single-connection
Answer: D
NEW QUESTION 290
Refer to the exhibit. Which authentication method is being used?
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store C LDAP_TESTE
22043 Current Identity Store does not support the authentication method; Skipping it
A. PEAP-MSCHAP
B. EAP-GTC
C. EAP-TLS
D. PEAP-TLS
Answer: C
NEW QUESTION 291
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)
A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address
Answer: AC
NEW QUESTION 292
NEW QUESTION 293
Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?
A. CoA-Terminate
B. CoA-PortBounce
C. CoA-Reauth
D. CoA-Remediate
Answer: B
NEW QUESTION 294
P.S. You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://www.passleader.com/300-208.html (300q VCE and PDF)
BTW, part of that new 300Q 300-208 Dumps are available here:
https://1drv.ms/f/s!Aq3EkOX-B1yegR-ZeeCwg90H7vjB
Best Regards!