nerdexam
Cisco

300-430 · Question #207

WPA2 Enterprise with 802.1X is being used for clients to authenticate to a wireless network through a Cisco ISE server. For security reasons, the network engineer wants to ensure that only PEAP authen

The correct answer is D. Enable AAA override on the SSID and configure an access policy in Cisco ISE that allows access. To ensure that only PEAP authentication is used for network access through a wireless network using WPA2 Enterprise with 802.1X, enabling AAA override on an SSID allows individual client authentication requests to be modified by RADIUS server responses dynamically. By configuring

Security for Wireless Client Connectivity

Question

WPA2 Enterprise with 802.1X is being used for clients to authenticate to a wireless network through a Cisco ISE server. For security reasons, the network engineer wants to ensure that only PEAP authentication is used. The engineer sent instructions to clients on how to configure the supplicants, but the ISE logs still show users authenticating using EAP-FAST. Which action ensures that access to the network is restricted for these users unless the correct authentication mechanism is configured?

Options

  • AEnable AAA override on the SSID, gather the usernames of these users, and disable the RADIUS
  • BEnable AAA override on the SSID and configure an ACL on the WLC that allows access to users
  • CEnable AAA override on the SSID and configure an access policy in Cisco ISE that denies access
  • DEnable AAA override on the SSID and configure an access policy in Cisco ISE that allows access

How the community answered

(62 responses)
  • A
    24% (15)
  • B
    11% (7)
  • C
    5% (3)
  • D
    60% (37)

Explanation

To ensure that only PEAP authentication is used for network access through a wireless network using WPA2 Enterprise with 802.1X, enabling AAA override on an SSID allows individual client authentication requests to be modified by RADIUS server responses dynamically. By configuring an access policy in Cisco Identity Services Engine (ISE) that permits access solely when PEAP is used as the EAP authentication method, any user attempting to authenticate using EAP-FAST will be denied network access until their devices are configured correctly for PEAP usage.

Topics

#PEAP#EAP-FAST#AAA override#ISE access policy

Community Discussion

No community discussion yet for this question.

Full 300-430 Practice