A network engineer wants to change how employees authenticate to the wireless network.
Rather than providing a pre-shared key, the engineer wants employees to be able to authenticate with the same unique company user ID and password they use for accessing other services, such as email and document sharing.
The engineer also wants to receive daily reports of login attempts on the wireless network.
Which of the following should be installed to achieve this goal?
A. LDAP server
B. UTM appliance
C. Multilayer switch
D. AAA/RADIUS server
D.
The correct answer is D. AAA/RADIUS server.
The engineer wants to change the authentication method for the wireless network from a pre-shared key to using company user IDs and passwords, which implies the need for a centralized authentication server. An authentication server will allow users to authenticate with their existing company credentials, such as a unique user ID and password used for accessing other services like email and document sharing.
AAA (Authentication, Authorization, and Accounting) and RADIUS (Remote Authentication Dial-In User Service) are commonly used together for centralized authentication, authorization, and accounting of network access. AAA provides a framework for controlling access to network resources, while RADIUS is a protocol that allows centralized authentication of remote access clients, such as wireless users.
An AAA/RADIUS server achieves this goal because it provides centralized authentication, authorization, and accounting. The wireless access points are configured to use the RADIUS protocol to authenticate users with their unique company user ID and password. The AAA/RADIUS server validates the user credentials against the company's existing authentication database, such as Active Directory or an LDAP (Lightweight Directory Access Protocol) server.
In addition, the engineer wants to receive daily reports of login attempts on the wireless network. An AAA/RADIUS server is capable of providing accounting information, including log files that can be used to generate reports. Therefore, an AAA/RADIUS server is the most appropriate solution for this scenario.
Option A, LDAP server, is a directory server reached over LDAP, a protocol used for accessing and maintaining distributed directory information services over an IP network. While LDAP can be used for centralized authentication, it does not provide authorization or accounting capabilities, which are required in this scenario.
Option B, UTM (Unified Threat Management) appliance, is a security solution that provides multiple security functions, such as firewall, intrusion prevention, and content filtering, in a single device. While UTM appliances can be used to authenticate users, they do not provide the centralized authentication, authorization, and accounting capabilities required in this scenario.
Option C, multilayer switch, is a network switch that can perform routing and layer 3 switching functions. While multilayer switches can provide some basic security features, they do not provide the centralized authentication, authorization, and accounting capabilities required in this scenario.
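The daily report of login attempts that the scenario asks for can be built from the RADIUS server's authentication log. The following is an added example, not part of the original question: it assumes FreeRADIUS-style `Auth:` log lines (authentication logging enabled), and the sample lines, user names and access point names are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the style of FreeRADIUS auth logging (assumed format).
SAMPLE_LOG = """\
Mon Mar  4 08:01:12 2024 : Auth: (0) Login OK: [alice] (from client ap-floor1 port 0 cli AA-BB-CC-00-00-01)
Mon Mar  4 08:03:40 2024 : Auth: (1) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client ap-floor1 port 0 cli AA-BB-CC-00-00-02)
Mon Mar  4 08:03:55 2024 : Auth: (2) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client ap-floor1 port 0 cli AA-BB-CC-00-00-02)
Mon Mar  4 08:04:10 2024 : Info: Ready to process requests
Tue Mar  5 09:15:02 2024 : Auth: (3) Login OK: [bob/<via Auth-Type = eap>] (from client ap-floor2 port 0 cli AA-BB-CC-00-00-02)
Tue Mar  5 09:20:31 2024 : Auth: (4) Login incorrect (No such user): [mallory] (from client ap-floor2 port 0 cli AA-BB-CC-00-00-09)
"""

# timestamp : Auth: (id) Login OK|incorrect [(reason)]: [user[/<detail>]] (from client NAS ...
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: \(\d+\)\s+"
    r"Login (?P<result>OK|incorrect)(?: \([^)]*\))?: "
    r"\[(?P<user>.*?)(?:/<[^\]]*)?\] \(from client (?P<nas>\S+) "
)

def daily_report(log_text):
    """Group login attempts by calendar day: successes, failures,
    failures per user, and attempts per access point (RADIUS client)."""
    report = defaultdict(lambda: {"ok": 0, "failed": 0,
                                  "failed_by_user": Counter(), "by_ap": Counter()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # server status lines and other non-auth records
        day = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y").date().isoformat()
        entry = report[day]
        entry["by_ap"][m["nas"]] += 1
        if m["result"] == "OK":
            entry["ok"] += 1
        else:
            entry["failed"] += 1
            entry["failed_by_user"][m["user"]] += 1
    return dict(report)

if __name__ == "__main__":
    for day, e in sorted(daily_report(SAMPLE_LOG).items()):
        print(day, "ok:", e["ok"], "failed:", e["failed"],
              "failed users:", dict(e["failed_by_user"]), "APs:", dict(e["by_ap"]))
```

Repeated failures for one user ID on one day, as with `bob` in the sample, are the kind of pattern such a report surfaces and a shared pre-shared key cannot.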