Cisco 400-251: CCIE Security Exam - 802.1X Security Measures

802.1X Security Measures for Corporate-Controlled Wireless Access Points

Prev Question Next Question


Which two security measures are provided when you configure 802.1X on switchports that connect to corporate-controlled wireless access points? (Choose two.)



Click on the arrows to vote for the correct answer

A. B. C. D.


802.1X is a protocol used to provide secure authentication and authorization for devices attempting to connect to a network. When configured on switchports that connect to corporate-controlled wireless access points, it can provide the following two security measures:

  1. Prevents rogue APs from being wired into the network: By configuring 802.1X on switchports that connect to corporate-controlled wireless access points, only authorized access points can connect to the network. This is because 802.1X requires a valid username and password, or other forms of credentials, to be presented before granting access to the network. Rogue access points, which are unauthorized access points that can be set up by attackers or malicious users, will not be able to connect to the network without the proper credentials, effectively preventing unauthorized access to the network.

  2. Prevents rogue clients from accessing the wired network: 802.1X also ensures that only authorized wireless clients can access the wired network through the corporate-controlled wireless access points. When a client attempts to connect to the wireless network, it must provide valid credentials, which are verified by the authentication server. If the credentials are valid, the client is granted access to the network. If the credentials are invalid or the client is unauthorized, access is denied, preventing rogue clients from accessing the wired network.

Option B, which states that 802.1X provides encryption capability of data traffic between APs and controllers, is incorrect. Although encryption can be configured for wireless traffic between access points and controllers, this is not directly related to 802.1X authentication on switchports.

Option D, which states that 802.1X ensures that 802.1X requirements for wired PCs can no longer be bypassed by disconnecting the AP and connecting a PC in its place, is also incorrect. Although 802.1X can prevent unauthorized devices from connecting to the network, it does not prevent authorized devices from being disconnected and replaced by unauthorized devices. This requires additional security measures such as physical security controls and network access controls.