350-401 · Question #1209
Refer to the exhibit. A client requests a new SSID that will use web-based authentication and external RADIUS servers. Which Layer 2 security mode must be selected?
The correct answer is B. None. Option B (None) is correct because web-based authentication (also called WebAuth or captive portal) operates at Layer 3, not Layer 2. When using external RADIUS servers for web-based authentication, no Layer 2 encryption or security mechanism is applied to the wireless frame itse
Question
Refer to the exhibit. A client requests a new SSID that will use web-based authentication and external RADIUS servers. Which Layer 2 security mode must be selected?
Exhibits
Options
- AWPA2 + WPAS
- BNone
- CStatic WEP
- DWPA+WPA2
How the community answered
(36 responses)- A11% (4)
- B81% (29)
- C3% (1)
- D6% (2)
Explanation
Option B (None) is correct because web-based authentication (also called WebAuth or captive portal) operates at Layer 3, not Layer 2. When using external RADIUS servers for web-based authentication, no Layer 2 encryption or security mechanism is applied to the wireless frame itself - the authentication happens after the client associates, through a web browser redirect. Selecting "None" for Layer 2 security allows clients to associate openly, after which the controller redirects HTTP traffic to a login page validated by the RADIUS server.
Why the distractors are wrong: WPA2+WPA2 (A) and WPA+WPA2 (D) are Layer 2 encryption standards that require credential exchange before association completes, which conflicts with the web-based authentication flow. Static WEP (C) is also a Layer 2 security method that encrypts frames at association, again incompatible with a captive portal approach.
Memory Tip: Think of it this way - "Web auth lives at Layer 3, so Layer 2 gets None." If authentication happens in a browser after connecting, the wireless connection itself must be open (no Layer 2 security), because the client needs to associate first before being redirected to the login page.
Topics
Community Discussion
No community discussion yet for this question.

