300-430 · Question #260
An engineer needs to configure the infrastructure for wireless clients to use IEEE 802.1X to the onboarding VLAN. After authentication and profiling, it must be determined if the client is a company d
The correct answer is C. Change of Authorization. Moving a wireless client from an onboarding VLAN to a corporate VLAN after profiling requires RADIUS Change of Authorization (CoA), which dynamically re-authorizes a client mid-session without full re-authentication.
Question
An engineer needs to configure the infrastructure for wireless clients to use IEEE 802.1X to the onboarding VLAN. After authentication and profiling, it must be determined if the client is a company device that is up-to-date. After this step, the device must connect to the corporate VLAN and access all resources. What must be implemented to meet these requirements?
Options
- AChange of Authentication
- BCompletion of Authentication
- CChange of Authorization
- DCompletion of Authorization
How the community answered
(26 responses)- A15% (4)
- B4% (1)
- C73% (19)
- D8% (2)
Why each option
Moving a wireless client from an onboarding VLAN to a corporate VLAN after profiling requires RADIUS Change of Authorization (CoA), which dynamically re-authorizes a client mid-session without full re-authentication.
'Change of Authentication' is not a defined RADIUS standard or Cisco feature relevant to dynamic mid-session VLAN reassignment.
'Completion of Authentication' is not a recognized network access control term or RFC standard.
Change of Authorization (CoA), defined in RFC 5176 and supported by Cisco ISE, allows a RADIUS server to push a new authorization policy to the NAS after the initial session is established. After the client authenticates to the onboarding VLAN and is profiled as a compliant company device, ISE sends a CoA to the WLC, which causes the client to be re-authorized and placed onto the corporate VLAN without requiring a full re-authentication cycle.
'Completion of Authorization' is not a defined RADIUS standard or Cisco feature relevant to post-profiling VLAN assignment.
Concept tested: RADIUS Change of Authorization for dynamic VLAN assignment post-profiling
Source: https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_compliance.html
Topics
Community Discussion
No community discussion yet for this question.