350-401 · Question #1217
When should the MAC authentication bypass feature be used on a switch port?
The correct answer is C. when authentication is required, but the attached host does not support 802.1X. MAC Authentication Bypass (MAB) Explained Why C is Correct: MAC Authentication Bypass (MAB) is specifically designed for devices that cannot run 802.1X (such as printers, IP phones, cameras, or legacy devices). When a port detects no 802.1X response from the connected device, MAB
Question
When should the MAC authentication bypass feature be used on a switch port?
Options
- Awhen the attached host supports 802.1X and must authenticate itself based on its MAC address
- Bwhen the attached host supports limited 802.1X
- Cwhen authentication is required, but the attached host does not support 802.1X
- Dwhen authentication should be bypassed for select hosts based on their MAC address
How the community answered
(20 responses)- C95% (19)
- D5% (1)
Explanation
MAC Authentication Bypass (MAB) Explained
Why C is Correct: MAC Authentication Bypass (MAB) is specifically designed for devices that cannot run 802.1X (such as printers, IP phones, cameras, or legacy devices). When a port detects no 802.1X response from the connected device, MAB allows authentication to proceed using the device's MAC address as both the username and password sent to a RADIUS server.
Why the Distractors Are Wrong:
- A is wrong because if a host supports 802.1X, it should authenticate using 802.1X directly - MAB is unnecessary and redundant in that scenario.
- B is wrong because "limited 802.1X" support still means the device can participate in 802.1X; MAB is a fallback for no 802.1X support whatsoever.
- D is wrong because that describes a completely different concept - authentication exemption or open authentication - not MAB, which still performs authentication (just via MAC address instead of 802.1X credentials).
Memory Tip: Think of MAB as the "no 802.1X? No problem" feature - it's the fallback authentication method for dumb devices that can't speak 802.1X, using their MAC address as their identity.
Topics
Community Discussion
No community discussion yet for this question.