nerdexam
Cisco

300-430 · Question #237

A wireless engineer must configure IEEE 802.1X authentication on a WLAN that supports new and legacy wireless devices. Which condition must be met for the legacy clients to be able to associate and au

The correct answer is B. The client and the authenticator must support the same authentication protocol.. In IEEE 802.1X wireless authentication, EAPOL frames are exchanged directly between the client and the authenticator, requiring both to support the same EAP method for successful association.

Security for Wireless Client Connectivity

Question

A wireless engineer must configure IEEE 802.1X authentication on a WLAN that supports new and legacy wireless devices. Which condition must be met for the legacy clients to be able to associate and authenticate without issues?

Options

  • AThe authenticator and the authentication server must support the same authentication protocol.
  • BThe client and the authenticator must support the same authentication protocol.
  • CThe client and the controller must support the same authentication protocol.
  • DThe client and the authentication server must support the same authentication protocol.

How the community answered

(16 responses)
  • A
    13% (2)
  • B
    75% (12)
  • C
    6% (1)
  • D
    6% (1)

Why each option

In IEEE 802.1X wireless authentication, EAPOL frames are exchanged directly between the client and the authenticator, requiring both to support the same EAP method for successful association.

AThe authenticator and the authentication server must support the same authentication protocol.

The authenticator and authentication server communicate using RADIUS encapsulation, not a shared EAP protocol - the authenticator relays EAP messages transparently and does not negotiate EAP directly with the RADIUS server.

BThe client and the authenticator must support the same authentication protocol.Correct

In 802.1X, the client (supplicant) and the authenticator (AP or WLC) exchange EAP messages over EAPOL at the wireless layer. The authenticator must support the same EAP authentication protocol as the client to properly facilitate the handshake. For legacy clients using older EAP types, the authenticator must also recognize and relay those protocols - if it does not, the association will fail before reaching the RADIUS server.

CThe client and the controller must support the same authentication protocol.

The 802.1X standard defines the relevant relationship as between the supplicant and the authenticator, not between the client and a controller specifically - 'controller' is too narrow and not the correct 802.1X terminology.

DThe client and the authentication server must support the same authentication protocol.

While EAP is ultimately negotiated end-to-end between the supplicant and the authentication server, the EAPOL exchange at the wireless link layer occurs between the client and the authenticator, making the authenticator's protocol support the binding constraint.

Concept tested: 802.1X EAP protocol compatibility between supplicant and authenticator

Source: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/b_cg85_chapter_01001.html

Topics

#802.1X#legacy clients#EAP protocol#authenticator

Community Discussion

No community discussion yet for this question.

Full 300-430 Practice