210-260 · Question #68
210-260 Question #68: Real Exam Question with Answer & Explanation
The correct answer is A: When user failed to authenticate after certain number of attempts. The 802.1X Auth-Fail VLAN (also called Restricted VLAN) is a Cisco feature that provides a fallback for clients that fail EAP authentication - for example, a user who enters wrong credentials repeatedly. After the configured maximum number of failed authentication attempts is rea
Question
Options
- AWhen user failed to authenticate after certain number of attempts
- BWhen 802.1X is not globally enabled on the Cisco catalyst switch
- CWhen AAA new-model is enabled
- DIf a connected client does not support 802.1X
- EAfter a connected client exceeds a specific idle time
Explanation
The 802.1X Auth-Fail VLAN (also called Restricted VLAN) is a Cisco feature that provides a fallback for clients that fail EAP authentication - for example, a user who enters wrong credentials repeatedly. After the configured maximum number of failed authentication attempts is reached, the switch moves the port into the designated Auth-Fail VLAN, which typically provides limited or remediation-only network access. This is distinct from the Guest VLAN (used when a client does not respond to EAP at all, i.e., does not support 802.1X - option D describes that scenario). Options B and C describe global switch configuration prerequisites, not triggers for the restricted VLAN. Option E describes an idle timeout scenario, which is unrelated.
Community Discussion
No community discussion yet for this question.