Non-802.1x Authentications Flashcards
True/ False. In MAB the authenticator act on behalf of the endpoint that does not have a supplicant by crafting a RADIUS Access-Request message and sends it to the authentication server. The authenticator uses the endpoint’s MAC address as the identity
True
How does a switch(authenticator) know when the endpoint that is plugged into it does not have a supplicant?
The authenticator is meant to send EAP over LAN identity request frames every 30 seconds by default. After 3 timeouts- a period of 90 seconds by default- it accepted that the endpoint must not have a supplicant.
Web Authentication
An authenticator would be able to send a user to a locally hosted web page- in other words, a web page hosted on the local device itself example Switch, WLC, etc. The username and password that are submitted to the web portal are then sent from the authenticator to the authentication server in a standard RADIUS Access-Request packet.
Local Web Authentication
the credentials are submitted through the web portal, and the authenticator (switch, wireless controller and so on) sends the RADIUS Access-Request to the authentication server using the username and password from the form. It is key to remember that any time the switch is sending the credentials for the user, it is considered LWA
LWA limitations
LWA does not support VLAN assignment, so you are basically limited to ACL assignment. LWA is also restricted from change of authorization (COA) support;
Centralized Web Authentication
the portal is hosted on ISE
True/ False CoA works fully with CWA
True. CWA also supports all the advanced services, such as client provisioning, posture assessments, acceptable use policies (AUPs) password changing, self registration, and device registration