nerdexam
Cisco

350-401 · Question #1217

When should the MAC authentication bypass feature be used on a switch port?

The correct answer is C. when authentication is required, but the attached host does not support 802.1X. MAC Authentication Bypass (MAB) Explained Why C is Correct: MAC Authentication Bypass (MAB) is specifically designed for devices that cannot run 802.1X (such as printers, IP phones, cameras, or legacy devices). When a port detects no 802.1X response from the connected device, MAB

Submitted by hassan_iq· Mar 6, 2026Security

Question

When should the MAC authentication bypass feature be used on a switch port?

Options

  • Awhen the attached host supports 802.1X and must authenticate itself based on its MAC address
  • Bwhen the attached host supports limited 802.1X
  • Cwhen authentication is required, but the attached host does not support 802.1X
  • Dwhen authentication should be bypassed for select hosts based on their MAC address

How the community answered

(20 responses)
  • C
    95% (19)
  • D
    5% (1)

Explanation

MAC Authentication Bypass (MAB) Explained

Why C is Correct: MAC Authentication Bypass (MAB) is specifically designed for devices that cannot run 802.1X (such as printers, IP phones, cameras, or legacy devices). When a port detects no 802.1X response from the connected device, MAB allows authentication to proceed using the device's MAC address as both the username and password sent to a RADIUS server.

Why the Distractors Are Wrong:

  • A is wrong because if a host supports 802.1X, it should authenticate using 802.1X directly - MAB is unnecessary and redundant in that scenario.
  • B is wrong because "limited 802.1X" support still means the device can participate in 802.1X; MAB is a fallback for no 802.1X support whatsoever.
  • D is wrong because that describes a completely different concept - authentication exemption or open authentication - not MAB, which still performs authentication (just via MAC address instead of 802.1X credentials).

Memory Tip: Think of MAB as the "no 802.1X? No problem" feature - it's the fallback authentication method for dumb devices that can't speak 802.1X, using their MAC address as their identity.

Topics

#MAC Authentication Bypass#802.1X#Network Access Control#Authentication

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice