Cisco Identity-Based Networking Services relies heavily on the 802.1X protocol. Which other
authentication solution is used hand-in-hand with 802.1X to authenticate users for network
access?
A.
RADIUS
B.
LEAP
C.
IPsec
D.
TACACS
E.
ISAKMP
Explanation:
Cisco Identity-Based Network Services
The Cisco Identity-Based Network Services solution is a way to authenticate host access based
on policy for admission to the network. IBNS supports identity authentication, dynamic provisioning
of VLANs on a per-user basis, guest VLANs, and 802.1X with port security.
The 802.1 X protocol is a standards-based protocol for authenticating network clients by permitting
or denying access to the network. The 802.1 X protocol operates between the end-user client
seeking access and an Ethernet switch or wireless access point (AP) providing the connection to
the network. In 802.1 X terminology, clients are called supplicants, and switches and APs are
called authenticates. A back-end RADIUS server such as a Cisco Access Control Server (ACS)
provides the user account database used to apply authentication and authorization.
With an IBNS solution, the host uses 802.IX and Extensible Authentication Protocol over LANs
(EAPoL) to send the credentials and initiate a session to the network. After the host and switch
establish LAN connectivity, username and password credentials are requested. The client host
then sends the credentials to the switch, which forwards them to the RADIUS ACS.
The RADIUS ACS performs a lookup on the username and password to determine the credentials’
validity. If the username and password are correct, an accept message is sent to the switch or AP
to allow access to the client host. If the username and password are incorrect, the server sends a
message to the switch or AP to block the host port.
Figure 13-4 illustrates the communication flow of two hosts using 802.1X and KAPoL with the
switch, AP, and back-end RADIUS server.