A network administrator wants to configure 802.1x port-based authentication, however, the
client workstation is not 802.1x compliant. What is the only supported authentication server
that can be used?
A.
TACACS with LEAP extensions
B.
TACACS+
C.
RADIUS with EAP extensions
D.
LDAP
Explanation:
The IEEE 8021x standard defines a port-based access control and authentication protocol
that restricts unauthorized workstations from connecting to a LAN through publicly
accessible switch ports. The authentication server authenticates each workstation that is
connected to a switch port before making available any services offered by the switch or the
LAN.
Until the workstation is authenticated, 802.1x access control allows only Extensible
Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is
connected. After authentication succeeds, normal traffic can pass through the port.
With 802.1x port-based authentication, the devices in the network have specific roles as, as
follows:
+ Client: The device (workstation) that requests access to the LAN and switch services,
and responds to requests from the switch. The workstations must be running 802.1x
compliant client software, such as what is offered in Microsoft Windows XP operating
systems.
+ Authentication server: Performs the actual authentication of the client. The
authentication server validates the identity of the client and notifies the switch whether or not
client is authorized to access the LAN and switch services. Because the switch acts as theproxy, the authentication service is transparent to the client. The RADIUS security system
with Extensible Authentication Protocol (EAP) extensions is the only supported
authentication server.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/co
nfiguration/guide/Sw8021x.html