nerdexam
Cisco

350-401 · Question #1142

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?

The correct answer is A. MAC Authentication Bypass. MAC Authentication Bypass (MAB) is a network access authentication mechanism used for endpoints that do not support 802.1X supplicant functionality, authenticating them against a AAA server using their MAC address.

Submitted by cyberguy42· Mar 6, 2026Security

Question

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?

Options

  • AMAC Authentication Bypass
  • BMACsec
  • Cprivate VLANs
  • Dport security

How the community answered

(37 responses)
  • A
    92% (34)
  • B
    3% (1)
  • C
    5% (2)

Why each option

MAC Authentication Bypass (MAB) is a network access authentication mechanism used for endpoints that do not support 802.1X supplicant functionality, authenticating them against a AAA server using their MAC address.

AMAC Authentication BypassCorrect

MAC Authentication Bypass (MAB) is specifically designed for endpoints that lack 802.1X supplicant capabilities, such as IP phones, printers, or legacy devices. With MAB, the switch uses the endpoint's MAC address as the credential to authenticate against a RADIUS (AAA) server, granting network access upon successful verification.

BMACsec

MACsec (Media Access Control Security) provides Layer 2 encryption and data integrity, but it is not an authentication mechanism against a AAA server for devices that don't support 802.1X.

Cprivate VLANs

Private VLANs (PVLANs) segment a broadcast domain into smaller, isolated subdomains at Layer 2 for security and traffic control, but they are not an authentication mechanism for endpoints.

Dport security

Port security prevents MAC address spoofing and limits the number of MAC addresses on a port, but it is a security feature to control access after authentication or for basic access control, not a method to authenticate non-802.1X devices against a AAA server.

Concept tested: MAC Authentication Bypass (MAB)

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_h_client_authen/configuration/xe-16/sec-h-client-authen-xe-16-book/sec-h-client-authen-mac.html

Topics

#802.1X authentication#MAC Authentication Bypass#Network Access Control

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice