350-401 Question #607: Real Exam Question with Answer & Explanation

Question

Which two statements about MAC Authentication Bypass are true? (Choose two.)

Options

• ATraffic from an endpoint is authorized to pass after MAB authenticates the MAC address of the
• BDuring the learning stage, the switch examines multiple packets from the endpoint to determine
• CAfter the switch learns the MAC address of the endpoint, it uses TACACS+ to authenticate it.
• DAfter learning a source MAC address, it sends the host a RADIUS Account-Request message to
• EThe MAC address of a device serves as its user name and password to authenticate with a

Explanation

MAC Authentication Bypass (MAB) authenticates devices using their MAC address, allowing their traffic to pass, where the MAC address itself serves as both the username and password.

Common mistakes.

• B. MAB typically triggers authentication upon the first packet from an unknown MAC address, rather than requiring examination of multiple packets in a dedicated 'learning stage' for the MAB process itself.
• C. MAB uses RADIUS for authentication with external servers like Cisco ISE, not TACACS+, which is primarily used for device administration authentication.
• D. After learning a source MAC address, the switch sends a RADIUS Access-Request message (not an Account-Request) to the authentication server to authenticate the device, while Account-Request messages are for accounting.

Concept tested. MAC Authentication Bypass (MAB) functionality

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750x_cg/sw8021x.html

No community discussion yet for this question.