Which statement about 802.1x port-based authentication is true?
A.
Hosts are required to have an 802.1x authentication client or utilize PPPoE.
B.
Before transmitting data, an 802.1x host must determine the authorization state of the switch.
C.
RADIUS is the only supported authentication server type.
D.
If a host initiates the authentication process and does not receive a response, it assumes it is
not authorized.
Explanation:
The IEEE 802.1x standard defines a port-based access control and authentication protocol that
restricts unauthorized workstations from connecting to a LAN through publicly accessible switch
ports. The authentication server authenticates each workstation that is connected to a switch port
before making available any services offered by the switch or the LAN. Until the workstation is
authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN
(EAPOL) traffic through the port to which the workstation is connected. After authentication
succeeds, normal traffic can pass through the port.
Authentication server: Performs the actual authentication of the client. The authentication server
validates the identity of the client and notifies the switch whether or not the client is authorized to
access the LAN and switch services. Because the switch acts as the proxy, the authentication
service is transparent to the client. The RADIUS security system with Extensible Authentication
Protocol (EAP) extensions is the only supported authentication server.
Reference: Configuring 802.1X Port-Based Authentication
(http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configu
ration/guide/sw8021x.html)