DOT1X Authentication Flashcards
DOT1X must use what kind of server?
RADIUS server, not TACACS.
DOT1X must be enabled on the __ and the __ to work.
Switch and host.
How does a host communicate with the RADIUS server before it’s authenticated?
With the uncontrolled port.
After a host is authenticated, its ___ is unlocked.
Controlled port.
What are the three interface options for DOT1X?
Force-authorize (the default), which authenticates a host no matter what; force-unauthorize, which never authenticates a host; and auto, which authenticates based on the host’s RADIUS exchange.
Can port security and DOT1X run on the same port?
Yes.
How is 802.1x configured for port security?
RADIUS
What are the 6 steps to configure 802.1x for port security?
1-enable AAA on the switch, 2-define RADIUS servers, 3-define the authentication method, 4-enable 802.1x on the switch, 5-configure 802.1x ports, 6-allow hosts
What is 802.1x force-authorized?
The port is forced to always authorize any connected client, with no authentication necessary (default).
What is 802.1x force-unauthorized?
The port is forced to never authorize any connected client.
What is 802.1x auto?
The port uses the 802.1x exchange to move from unauthorized to authorized. Requires an application on the client.
At what scope is 802.1x enabled?
Globally.
What is 802.1X?
802.1x is the mechanism that will block or unblock an interface and provides security at Layer 2. It is also known as port-based control.