An administrator is replacing the current access switches with AOS-CX switches. The access layer switches must authenticate user and networking devices connecting to them. Some devices support no form of authentication, and some support 802.1X. Some ports have a VoIP phone and a PC connected to the same port, where the PC is connected to the data port of the phone and the phone's LAN port is connected to the switch.
Which statement is correct about this situation?
The client-limit setting for port access needs to be changed because there are multiple devices connecting through a single port, such as a VoIP phone and a PC. This requires adjusting the port settings to handle multiple authenticating clients effectively, ensuring that each device is authenticated separately. The other options do not address the need to support multiple devices per port appropriately.
I think the answer is C. we need to chnage the client device limit . A is not correct because VOIP device is not for 802.1X
If B refers to MAC authentication, I would chose this, else A. Why I do not believe the answer to be C: the question says: "Some devices support no form of authentication, and some support 802.1X. Some ports have a VoIP phone and a PC connected to the same port," There are devices who support 802.1X and some no authentication at all, which leaves MAC auth as only possibility - or bypassing 802.1X (fallback)
the correct Answer is C
The default for client-limit is 1 "Command specifies the maximum number of clients. Default: 1. Range: 1 to 32 (6200). 1 to 256 (6300, 6400)." Therefore this needs to be change C is correct
Page 693 Study Guide After you set the limit, the port begins tracking MAC addresses and defines the authorization status and settings for each separately. For example, in the scenario with the computer and VoIP phone, the switch port sends an EAP Request/Identity to each separate MAC address detected on the port. If the VoIP phone authenticates successfully, but the computer fails, the computer traffic is blocked. [Aruba Networks]
C is correct page 306 user guide
C - absolutely correct
Pretty sure both A and C are necessary here.
Correct answer is C
C - absolutely correct
fallback mode if for the radius part; client limit is for multiple authent on one port (ie phone + pc) From doc : aaa port-access authenticator <port-list> client-limit <1-32> Used after executing aaa port-access authenticator <port-list> to convert authentication from port-based to user-based. Specifies user-based 802.1X authentication and the maximum number of 802.1X-authenticated client sessions allowed on each of the ports in <port-list>. If a port currently has no authenticated client sessions, the next authenticated client session the port accepts determines the untagged VLAN membership to which the port is assigned during the session. If another client session begins later on the same port while an earlier session is active, the later session will be on the same untagged VLAN membership as the earlier session.
if you want the computer and IP phone to authenticate separately so that an unauthorized user cannot piggyback on the IP phone’s session. Make sure to set the 802.1X client-limit to 2 so that the port operates in user-mode and authenticates each device separately. what is the meaning in A, fallback mode, just combine the MAC-Auth and 802.1X, not fallback