350-701 · Question #48
Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment?
The correct answer is B. 6. RADIUS attribute 6 (Service-Type) can be used to filter MAC Authentication Bypass (MAB) requests in an 802.1x deployment.
Question
Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment?
Options
- A1
- B6
- C31
- D2
How the community answered
(31 responses)- A6% (2)
- B90% (28)
- C3% (1)
Why each option
RADIUS attribute 6 (Service-Type) can be used to filter MAC Authentication Bypass (MAB) requests in an 802.1x deployment.
RADIUS attribute 1 is `User-Name`, which typically carries the MAC address itself for MAB, but it doesn't inherently filter the *type* of MAB request.
RADIUS attribute 6, known as `Service-Type`, can be used to distinguish between different types of authentication requests, including MAC Authentication Bypass (MAB). Specifically, for MAB, the `Service-Type` is typically set to `Call-Check`, allowing the RADIUS server to apply specific policies or filters based on this attribute type.
RADIUS attribute 31 is `Calling-Station-Id`, which carries the MAC address of the supplicant or device in MAB, but it does not filter the *type* of authentication request.
RADIUS attribute 2 is `User-Password`, which is not relevant for filtering MAB requests as MAB does not use a password.
Concept tested: RADIUS attributes for MAB filtering
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750x_cg/swdot1x.html
Topics
Community Discussion
No community discussion yet for this question.