Configuring a Switchport for Port Security with 802.1X Support

Adding Commands for Multiple Device Support


Question

When configuring a switchport for port security that will support multiple devices and that has already been configured for 802.1X support, which two commands need to be added? (Choose two.)

Answers

Explanations


A. B. C. D. E.

AC.

Still Valid.

When configuring a switchport for port security that will support multiple devices and has already been configured for 802.1X support, the following two commands need to be added:

A. The 802.1X port configuration must be extended with the command dot1x multiple-host.

B. The switchport configuration needs to include the command switchport port-security.

Explanation:

A. The 802.1X port configuration must be extended with the command dot1x multiple-host: When 802.1X authentication is used on a switchport, it allows only one device to connect and authenticate at a time. However, in some cases, it may be necessary to allow multiple devices to connect to the same switchport. In such cases, the "dot1x multiple-host" command is used to enable multiple devices to authenticate on the same switchport. This command allows the switchport to accept multiple EAPOL-Start frames, each from a different host, which helps to prevent port security violations.

B. The switchport configuration needs to include the command switchport port-security: The "switchport port-security" command enables port security on a switchport. Port security allows you to restrict the number of MAC addresses that can be learned on a switchport, and it can help prevent unauthorized devices from connecting to the network. In this case, port security must be enabled on the switchport to support multiple devices.

C. The 802.1X port configuration does not need to be extended with the command dot1x port-security: The "dot1x port-security" command is not a valid command. There is no command named dot1x port-security that extends the 802.1X port configuration.

D. The switchport configuration does not need to include the port-security aging command: The "port-security aging" command is used to set the time interval for the aging of secure MAC addresses. Port security does not require it in order to support multiple devices on the switchport.

E. The 802.1X port configuration needs to remain in port-control force-authorized rather than port-control auto: The "port-control force-authorized" command is used to force the port into the authorized state even if no EAPOL frames are received. This command is commonly used for devices that do not support 802.1X authentication, such as printers and IP phones. However, this command is not relevant to the configuration of port security to support multiple devices on the switchport. The switchport should remain in "port-control auto" mode for 802.1X authentication to occur properly.
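
An added example, not part of the original page: a small audit script that scans IOS-style interface stanzas for ports already running 802.1X and reports which of the two commands named in the explanation above are absent. The command strings are copied as the page spells them and the sample configuration is constructed; actual syntax varies by platform and software release.

```python
import re

# Command strings exactly as the page's explanation spells them; real syntax
# varies by platform and software release, so adjust before use (assumption).
MULTI_HOST = "dot1x multiple-host"
PORT_SECURITY = "switchport port-security"
DOT1X_AUTO = "dot1x port-control auto"

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 dot1x port-control auto
 dot1x multiple-host
 switchport port-security
!
interface FastEthernet0/2
 dot1x port-control auto
 dot1x multiple-host
!
interface FastEthernet0/3
 dot1x port-control auto
 switchport port-security maximum 3
!
interface FastEthernet0/4
 switchport mode access
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", raw)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or any unindented line ends the stanza
    return stanzas

def audit(config):
    """Map each 802.1X-enabled interface to the page's commands it lacks."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if DOT1X_AUTO not in lines:
            continue  # the question only concerns ports already doing 802.1X
        missing = [c for c in (MULTI_HOST, PORT_SECURITY) if c not in lines]
        if missing:
            findings[name] = missing
    return findings
```

Lines are matched exactly, so a sub-option such as "switchport port-security maximum 3" on its own is still reported as port security not being enabled.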