350-701 · Question #184
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the ne
The correct answer is B. UDP 1700. When configuring 802.1X authentication with Change of Authorization (CoA), UDP port 1700 must be opened on the firewall to allow CoA traffic to pass through.
Question
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
Options
- ATCP 6514
- BUDP 1700
- CTCP 49
- DUDP 1812
How the community answered
(45 responses)- A2% (1)
- B87% (39)
- C7% (3)
- D4% (2)
Why each option
When configuring 802.1X authentication with Change of Authorization (CoA), UDP port 1700 must be opened on the firewall to allow CoA traffic to pass through.
TCP 6514 is often associated with syslog over TLS, which is a logging protocol, not directly related to 802.1X CoA.
Change of Authorization (CoA) messages are used in 802.1X environments to dynamically alter authorization policies for authenticated users or devices without requiring re-authentication. For these real-time policy updates to flow between the RADIUS server and the network access devices, UDP port 1700 must be explicitly opened on firewalls traversing this traffic.
TCP 49 is the default port for TACACS+, which is a different authentication, authorization, and accounting protocol from RADIUS/CoA.
UDP 1812 is the standard port for RADIUS authentication messages, while UDP 1813 is for RADIUS accounting messages, neither of which is used for CoA.
Concept tested: 802.1X Change of Authorization (CoA) port
Topics
Community Discussion
No community discussion yet for this question.