300-430 · Question #207
WPA2 Enterprise with 802.1X is being used for clients to authenticate to a wireless network through a Cisco ISE server. For security reasons, the network engineer wants to ensure that only PEAP authen
The correct answer is D. Enable AAA override on the SSID and configure an access policy in Cisco ISE that allows access. To ensure that only PEAP authentication is used for network access through a wireless network using WPA2 Enterprise with 802.1X, enabling AAA override on an SSID allows individual client authentication requests to be modified by RADIUS server responses dynamically. By configuring
Question
WPA2 Enterprise with 802.1X is being used for clients to authenticate to a wireless network through a Cisco ISE server. For security reasons, the network engineer wants to ensure that only PEAP authentication is used. The engineer sent instructions to clients on how to configure the supplicants, but the ISE logs still show users authenticating using EAP-FAST. Which action ensures that access to the network is restricted for these users unless the correct authentication mechanism is configured?
Options
- AEnable AAA override on the SSID, gather the usernames of these users, and disable the RADIUS
- BEnable AAA override on the SSID and configure an ACL on the WLC that allows access to users
- CEnable AAA override on the SSID and configure an access policy in Cisco ISE that denies access
- DEnable AAA override on the SSID and configure an access policy in Cisco ISE that allows access
How the community answered
(62 responses)- A24% (15)
- B11% (7)
- C5% (3)
- D60% (37)
Explanation
To ensure that only PEAP authentication is used for network access through a wireless network using WPA2 Enterprise with 802.1X, enabling AAA override on an SSID allows individual client authentication requests to be modified by RADIUS server responses dynamically. By configuring an access policy in Cisco Identity Services Engine (ISE) that permits access solely when PEAP is used as the EAP authentication method, any user attempting to authenticate using EAP-FAST will be denied network access until their devices are configured correctly for PEAP usage.
Topics
Community Discussion
No community discussion yet for this question.