nerdexam
Cisco

300-430 · Question #260

An engineer needs to configure the infrastructure for wireless clients to use IEEE 802.1X to the onboarding VLAN. After authentication and profiling, it must be determined if the client is a company d

The correct answer is C. Change of Authorization. Moving a wireless client from an onboarding VLAN to a corporate VLAN after profiling requires RADIUS Change of Authorization (CoA), which dynamically re-authorizes a client mid-session without full re-authentication.

Wireless Security and Mobility

Question

An engineer needs to configure the infrastructure for wireless clients to use IEEE 802.1X to the onboarding VLAN. After authentication and profiling, it must be determined if the client is a company device that is up-to-date. After this step, the device must connect to the corporate VLAN and access all resources. What must be implemented to meet these requirements?

Options

  • AChange of Authentication
  • BCompletion of Authentication
  • CChange of Authorization
  • DCompletion of Authorization

How the community answered

(26 responses)
  • A
    15% (4)
  • B
    4% (1)
  • C
    73% (19)
  • D
    8% (2)

Why each option

Moving a wireless client from an onboarding VLAN to a corporate VLAN after profiling requires RADIUS Change of Authorization (CoA), which dynamically re-authorizes a client mid-session without full re-authentication.

AChange of Authentication

'Change of Authentication' is not a defined RADIUS standard or Cisco feature relevant to dynamic mid-session VLAN reassignment.

BCompletion of Authentication

'Completion of Authentication' is not a recognized network access control term or RFC standard.

CChange of AuthorizationCorrect

Change of Authorization (CoA), defined in RFC 5176 and supported by Cisco ISE, allows a RADIUS server to push a new authorization policy to the NAS after the initial session is established. After the client authenticates to the onboarding VLAN and is profiled as a compliant company device, ISE sends a CoA to the WLC, which causes the client to be re-authorized and placed onto the corporate VLAN without requiring a full re-authentication cycle.

DCompletion of Authorization

'Completion of Authorization' is not a defined RADIUS standard or Cisco feature relevant to post-profiling VLAN assignment.

Concept tested: RADIUS Change of Authorization for dynamic VLAN assignment post-profiling

Source: https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_compliance.html

Topics

#Change of Authorization#CoA#802.1X#dynamic VLAN assignment

Community Discussion

No community discussion yet for this question.

Full 300-430 Practice