300-715 · Question #186
300-715 Question #186: Real Exam Question with Answer & Explanation
The correct answer is B: The 802.1X timeout period is too long.. {"question_number": 10, "correct_answer": "B", "explanation": "When a port is configured for 802.1X with MAB fallback, the switch first attempts 802.1X authentication. During this 802.1X supplicant timeout period, the port is in an authenticating state and typically drops or does
Question
An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. However the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?
Options
- AThe DHCP probe for Cisco ISE is not working as expected.
- BThe 802.1X timeout period is too long.
- CThe endpoint is using the wrong protocol to authenticate with Cisco ISE.
- DAn AC I on the port is blocking HTTP traffic
Explanation
{"question_number": 10, "correct_answer": "B", "explanation": "When a port is configured for 802.1X with MAB fallback, the switch first attempts 802.1X authentication. During this 802.1X supplicant timeout period, the port is in an authenticating state and typically drops or does not forward non-EAP traffic, including DHCP. If the 802.1X timeout is too long, the endpoint's initial DHCP DISCOVER is sent while the port is still waiting for 802.1X to time out-the DHCP packet is dropped and never reaches the DHCP server. By the time 802.1X times out and MAB succeeds (granting network access), the DHCP client's retransmit window may have also expired, leaving the endpoint without an IP address even though it has link-layer network access. Shortening the 802.1X timeout ensures MAB kicks in quickly, the port is authorized before the DHCP client gives up, and the endpoint successfully obtains an IP.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.