You want to use the authentication event no-response action authorize vlan 101 command to ensure that network devices incapable of using 802.1X authentication are automatically placed into VLAN 101, which is the guest VLAN.
Which of the following VLAN types can you specify as an 802.1X guest VLAN? (Select the best answer.)
- a primary private VLAN
- a secondary private VLAN
- a voice VLAN
- an RSPAN VLAN
Explanation:
Of the choices available, you can configure a secondary private virtual LAN (VLAN) as an 802.1X guest VLAN with the authentication event no-response action authorize vlan 101 command. The authentication event no-response action authorize vlan command specifies the VLAN into which a switch should place a port if it does not receive a response to the 802.1X Extensible Authentication Protocol over LAN (EAPoL) messages it sends on that port. The VLAN ID must be a number from 1 through 4094. The VLAN ID can specify any active VLAN except for a Remote Switch Port Analyzer (RSPAN) VLAN, a primary private VLAN, or a voice VLAN. In addition, a guest VLAN can be configured on only access ports, not on routed ports or trunk ports.
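The eligibility rules above can be checked against a configuration before it is deployed. The following Python sketch is an added example, not part of the original page: it reads an IOS-style configuration and reports every port whose guest VLAN breaks one of those rules. The sample configuration is constructed, the name lint_guest_vlans is hypothetical, and two simplifications are assumed: a VLAN counts as active if it is defined in the same configuration, and as a voice VLAN if any port references it with switchport voice vlan.

```python
import re

# Constructed sample configuration for the demo (not from the original page).
SAMPLE_CONFIG = """\
vlan 100
 private-vlan primary
vlan 101
 private-vlan isolated
vlan 200
 remote-span
vlan 300
interface Gi1/0/1
 switchport mode access
 switchport voice vlan 300
 authentication event no-response action authorize vlan 101
interface Gi1/0/2
 switchport mode access
 authentication event no-response action authorize vlan 200
interface Gi1/0/3
 switchport mode trunk
 authentication event no-response action authorize vlan 100
interface Gi1/0/4
 switchport mode access
 authentication event no-response action authorize vlan 300
"""
GUEST = re.compile(r"authentication event no-response action authorize vlan (\d+)")

def lint_guest_vlans(config):
    """Return {interface: [problems]} for each port that sets a guest VLAN."""
    sections = {}
    for block in re.split(r"\n(?=\S)", config.strip()):   # unindented line = new section
        head, *body = block.splitlines() or [""]
        sections[head.strip()] = [l.strip() for l in body if l.strip()]
    vlans = {int(k.split()[1]): v for k, v in sections.items() if re.fullmatch(r"vlan \d+", k)}
    # Assumption: a VLAN is a voice VLAN if any port uses it as one.
    voice = {int(m[1]) for b in sections.values() for l in b
             if (m := re.fullmatch(r"switchport voice vlan (\d+)", l))}
    report = {}
    for sec, body in sections.items():
        guest = [int(m[1]) for l in body if (m := GUEST.fullmatch(l))]
        if sec.startswith("interface ") and guest:
            vid = guest[-1]                               # the last line entered wins
            checks = [(not 1 <= vid <= 4094, "VLAN ID outside 1-4094"),
                      (vid not in vlans, "VLAN not defined in this config"),
                      ("remote-span" in vlans.get(vid, []), "RSPAN VLAN"),
                      ("private-vlan primary" in vlans.get(vid, []), "primary private VLAN"),
                      (vid in voice, "voice VLAN"),
                      ("switchport mode access" not in body, "not an access port")]
            report[sec.split()[1]] = [msg for bad, msg in checks if bad]
    return report
```

On the sample, only Gi1/0/1 comes back clean: its guest VLAN 101 is a secondary (isolated) private VLAN, which the rules allow.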
When a guest VLAN is configured, the switch will grant non-802.1X-capable clients access to the guest VLAN; however, if an 802.1X-capable device is detected, the switch will place the port into an unauthorized state and will deny access to all devices on the port. You can use the authentication event fail action command to specify how the switch should react if an 802.1X client is detected and the client fails to authenticate. There are two configurable parameters: next-method and authorize vlan-id. The authorize vlan-id parameter configures a restricted VLAN, which is functionally similar to the guest VLAN. The next-method parameter configures the switch to attempt authentication by using the next authentication method specified in the authentication order command. For example, if the authentication order 802.1X mab webauth command has been configured and 802.1X authentication fails, the switch will attempt to use Media Access Control (MAC) Authentication Bypass (MAB) to authenticate the client based on its MAC address; if MAB fails, the switch will attempt web-based authentication. If the next-method parameter is configured, the switch will indefinitely cycle through authentication methods unless Web Authentication (WebAuth) is configured. If WebAuth is configured, the authentication process will not loop back to other authentication methods and the switch will ignore EAPoL messages on the port.