nerdexam
Cisco

350-401 · Question #1060

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?

The correct answer is A. WebAuth. WebAuth (Web Authentication) provides a mechanism to authenticate network endpoints that lack 802.1X supplicant functionality by redirecting users to a captive portal for credential submission against an AAA server.

Submitted by emma.c· Mar 6, 2026

Question

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?

Options

  • AWebAuth
  • BMACsec
  • Cprivate VLANs
  • Dport security

How the community answered

(25 responses)
  • A
    88% (22)
  • B
    8% (2)
  • C
    4% (1)

Why each option

WebAuth (Web Authentication) provides a mechanism to authenticate network endpoints that lack 802.1X supplicant functionality by redirecting users to a captive portal for credential submission against an AAA server.

AWebAuthCorrect

WebAuth, commonly known as a captive portal, is a widely used authentication method for devices that do not support 802.1X supplicant functionality. Users or device administrators open a web browser, are redirected to a portal, and authenticate using credentials validated against an AAA server.

BMACsec

MACsec (Media Access Control Security) is a Layer 2 encryption technology that ensures confidentiality and integrity of Ethernet frames but does not provide an authentication mechanism for endpoints against an AAA server.

Cprivate VLANs

Private VLANs are used to isolate ports within a VLAN at Layer 2 to enhance security by preventing direct communication between them, but they do not provide an authentication mechanism for endpoints.

Dport security

Port security restricts access to a switch port based on MAC addresses or limits the number of devices allowed, which is a security control but does not perform user-based authentication against an AAA server.

Concept tested: Non-802.1X endpoint authentication (WebAuth)

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750x_3560x_scg/swauth.html

Topics

#Network Access Control#AAA authentication#WebAuth

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice