Secure Network Access Control - Network Access Control (NAC)
13 important questions on Secure Network Access Control - Network Access Control (NAC)
What are the 3 roles network devices can have with 802.1X?
2. Authenticator (Network Access Device)
3. Authentication Server (RADIUS server)
What is MAC Authentication Bypass (MAB) and how does it work?
If the 802.1X phase times out, the Authenticator learns the Supplicant's MAC address and authenticates it against the Authentication Server.
What is the default order when 802.1X, MAB and WebAuth are enabled?
2. MAB
3. WebAuth
What is Enhanced Flexible Authentication (FlexAuth)?
For example, 802.1X and MAB.
It is a key component of Cisco Identity-Based Networking Services.
What is Cisco Identity-Based Networking Services (IBNS) 2.0?
1. Enhanced FlexAuth (Access Session Manager)
2. Cisco Common Classification Policy Language (C3PL)
3. Cisco ISE
What is Cisco TrustSec?
It uses Security Group Tags (SGTs) to perform Ingress tagging and Egress filtering to enforce access control policy.
What are dynamic ways users and devices can be given SGTs by Cisco TrustSec?
What are the 3 phases of TrustSec?
2. Propagation
3. Egress Enforcement
What are the 2 options for Ingress Classification in Cisco TrustSec?
2. Static Assignment (IP, Subnet, VLAN, Layer 2 interface, Layer 3 interface, Port or Port Profile)
What are the 2 methods of Propagation in Cisco TrustSec?
2. SXP Propagation (TCP-based P2P protocol. SGT-tagged packets can be transported from an SXP device over non-TrustSec devices to another SXP device)
What are the 2 major types of Egress Enforcement in Cisco TrustSec?
2. Security Group Firewall (SGFW) Enforcement on firewalls. Requires tag-based rules to be defined locally on the firewall.
What are 2 MACsec keying mechanisms available?
2. MACsec Key Agreement (MKA) protocol (provides session keys and manages encryption keys). Supported between endpoints and switches as well as between switches.
What is the difference between Downlink MACsec and Uplink MACsec?
Uplink MACsec is between two switches. Between two Cisco switches, Cisco SAP is used by default.