You are asked to set up 802.1X port authentication for all access ports on your EX Series switch.
You have a device that does not support 802.1X supplicants and you must ensure this device is
authenticated. You must also ensure that no unnecessary delay occurs when authenticating this
device.
Which statement is correct?
A. You should enable MAC RADIUS on the interface and use 802.1X multiple mode.
B. You should enable MAC RADIUS on the interface and statically add the MAC address to the 802.1x configuration.
C. You should enable MAC RADIUS on the interface and include the restrict parameter.
D. You should enable MAC RADIUS on the interface and include the disable parameter.
To permit hosts that are not 802.1X-enabled to access the LAN, you can configure MAC RADIUS authentication on the switch interfaces to which the non-802.1X-enabled hosts are connected. When MAC RADIUS authentication is configured, the switch will attempt to authenticate the host with the RADIUS server using the host’s MAC address.
To quickly configure MAC RADIUS authentication, copy the following commands and paste them into the switch terminal window:
[edit]
set protocols dot1x authenticator interface ge-0/0/19 mac-radius
set protocols dot1x authenticator interface ge-0/0/20 mac-radius restrict
In addition, an explanation of the restrict parameter:
“You can configure both MAC RADIUS authentication and 802.1X authentication methods on an interface configured for multiple supplicants. Additionally, if an interface is only connected to a non-802.1X-enabled host, you can enable MAC RADIUS and not enable 802.1X authentication using the mac-radius restrict option, and thus avoid the delay that occurs while the switch determines that the device does not respond to EAP messages.”
http://www.juniper.net/documentation/en_US/junos13.2/topics/example/authentication-mac-radius-ex-series.html
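As an added example (not taken from the Juniper documentation), the following Python sketch audits Junos set commands and reports which dot1x ports will incur the EAP wait described above because mac-radius is configured without restrict. The function names and the ge-0/0/21 line are assumptions made for illustration.

```python
import re

# Constructed sample: the two commands from the page plus one assumed
# 802.1X-only port (ge-0/0/21) added for contrast.
SAMPLE_CONFIG = """\
set protocols dot1x authenticator interface ge-0/0/19 mac-radius
set protocols dot1x authenticator interface ge-0/0/20 mac-radius restrict
set protocols dot1x authenticator interface ge-0/0/21 supplicant multiple
"""

_LINE = re.compile(
    r"^set protocols dot1x authenticator interface (\S+)(?:\s+(.*))?$"
)

def classify_ports(config_text):
    """Map each dot1x authenticator interface to its authentication mode."""
    options = {}
    for raw in config_text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # not a dot1x authenticator statement
        iface, rest = m.group(1), (m.group(2) or "").split()
        opts = options.setdefault(iface, set())
        if rest[:1] == ["mac-radius"]:
            opts.add("mac-radius")
            if rest[1:2] == ["restrict"]:
                opts.add("restrict")
    modes = {}
    for iface, opts in options.items():
        if "restrict" in opts:
            modes[iface] = "mac-radius-only"        # no EAP attempt, no delay
        elif "mac-radius" in opts:
            modes[iface] = "dot1x-then-mac-radius"  # waits for EAP first
        else:
            modes[iface] = "dot1x-only"             # non-802.1X host cannot authenticate
    return modes

def ports_with_eap_delay(config_text):
    """Interfaces where a non-802.1X host waits while EAP goes unanswered."""
    return sorted(i for i, m in classify_ports(config_text).items()
                  if m == "dot1x-then-mac-radius")

if __name__ == "__main__":
    for iface, mode in sorted(classify_ports(SAMPLE_CONFIG).items()):
        print(f"{iface}: {mode}")
```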