You must provide network connectivity to hosts that fail authentication.
In this scenario, what would be used in a network secured with 802.1X to satisfy this requirement?
You must provide network connectivity to hosts that fail authentication.
In this scenario, what would be used in a network secured with 802.1X to satisfy this requirement?
To provide network connectivity to hosts that fail authentication in a network secured with 802.1X, you can use a guest VLAN. Configuring the server-reject-vlan command allows the network device to move unauthenticated hosts to a specified guest VLAN, thereby granting them limited network access. This ensures that even those hosts that do not pass authentication can still connect to the network, albeit in a restricted manner.
For a device configured for 802.1X authentication, specify that when the device receives an Extensible Authentication Protocol Over LAN (EAPoL) Access-Reject message during the authentication process between the device and the RADIUS authentication server, supplicants attempting to access the LAN are granted access and moved to a specific bridge domain or VLAN. Any bridge domain, VLAN name or VLAN ID sent by a RADIUS server as part of the EAPoL Access-Reject message is ignored.
https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/ref/statement/server-reject-vlan-edit-protocols-dot1x-authenticator-interface-802-1x.html
b is correct