Cisco Certified Internetwork Expert (CCIE) Practice Test

Which command is used to enable 802.1x authentication on an interface?

• A. authentication port-control auto
• B. aaa authorization auth-proxy default
• C. aaa authorization network default group tacacs+
• D. authentication control-direction both

The correct answer is: authentication port-control auto

The command "authentication port-control auto" is the correct choice for enabling 802.1X authentication on an interface because it configures the port to control the authentication process automatically. When set to "auto," the port will transition between locked and open states based on the authentication status of the connected device. This process allows for the dynamic control of network access, which is fundamental to 802.1X operations. In the context of 802.1X, this command facilitates the role of the switch port as a gatekeeper for devices attempting to access the network. When a device connects to a port configured with this command, the port initially remains in a "forced unauthorized" state. The port then listens for authentication information from the device, and if the credentials are valid, the port transitions to an "authorized" state, allowing network access. Other options serve different functions that are not directly related to enabling the 802.1X authentication on an interface. The "aaa authorization auth-proxy default" command is used to configure the authorization for applications using HTTP proxy, but it does not initiate the authentication process itself. Similarly, "aaa authorization network default group tacacs+" is related to TACACS+ for user authorization, not port-based