what happens to traffic sent from this device?

— Exhibit —
{master:0}[edit protocols dot1x]
user@switch# show
authenticator {
authentication-profile-name my-profile;
static {
00:21:cc:ba:c7:00/40 {

interface ge-0/0/12.0;
}
interface {
ge-0/0/12.0 {
supplicant multiple;
server-fail deny;
}
ge-1/0/14.0 {
reauthentication 120;
server-fail vlan-name local-only;
}
ge-1/0/15.0 {
supplicant multiple;
mac-radius {
restrict;
}
reauthentication 120;
server-fail vlan-name guest;
}
}
}
— Exhibit —
Click the Exhibit button.
You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All access
ports on this device are members of VLAN v20. The RADIUS server is currently not reachable.

Referring to the configuration shown in the exhibit, what happens to traffic sent from this device?

— Exhibit —
{master:0}[edit protocols dot1x]
user@switch# show
authenticator {
authentication-profile-name my-profile;
static {
00:21:cc:ba:c7:00/40 {

interface ge-0/0/12.0;
}
interface {
ge-0/0/12.0 {
supplicant multiple;
server-fail deny;
}
ge-1/0/14.0 {
reauthentication 120;
server-fail vlan-name local-only;
}
ge-1/0/15.0 {
supplicant multiple;
mac-radius {
restrict;
}
reauthentication 120;
server-fail vlan-name guest;
}
}
}
— Exhibit —
Click the Exhibit button.
You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All access
ports on this device are members of VLAN v20. The RADIUS server is currently not reachable.

Referring to the configuration shown in the exhibit, what happens to traffic sent from this device?

A.
The traffic is denied.

B.
The traffic is accepted and uses the guest VLAN.

C.
The traffic is accepted and uses the local-only VLAN.

D.
The traffic is accepted and uses the v20 VLAN.

Show Hint

Leave a Reply 7

Your email address will not be published. Required fields are marked *

jun

jun

how can D be the answer? should’nt it be B

Reply

milos

milos

Shouldn’t it be A? Radius server is not reachable and and server-fail for ge-0/0/12.0 is deny.

Reply

nikon

nikon

Answer is D:
http://www.juniper.net/documentation/en_US/junos12.3/topics/concept/authentication-understanding-ex-series-switches.html#jd0e145
When you configure static MAC on the switch, the MAC address of the end device is first checked in a local database (a user-configured list of MAC addresses). If a match is found, the end device is successfully authenticated and the interface is opened up for it. No further authentication is done for that end device. If a match is not found and 802.1X authentication is enabled on the switch, the switch attempts to authenticate the end device through the RADIUS server.

Reply

Noname

Noname

static {
00:21:cc:ba:c7:00/40 {
^^^

MAC address of added device is 00:21:cc:ba:c7:”59″

Reply

asd

asd

Answer is D, cuz we have a static mac bypass here and MAC adress falls into it.
So if all access ports are members of v20, therefore client is authed to that vlan.

Reply

Rashpal

Rashpal

Answer is D because /40 mask means just ignore the last 8 bits or last 2 digit of the mac address. Only first 40 bits need to match.So 00:21:cc:ba:c7:59 match the static entry on port ge-0/0/12.

Reply