When is MAC authentication bypass enabled by default?
A. When 802.1x authentication times out
B. When 802.1x authentication fails
C. When two-factor authentication is configured
D. After 802.1x authentication verifies the client’s identity
Then it wouldn’t be enabled by default. It would use MAB to authenticate, while when the identity is verified, MAB is actually enabled (the MAC learned is allowed through).
A small distinction in wording.
D remains the valid answer.
A is the correct answer
(see https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html#wp9000135)
Also:
Delay: When used as a fallback mechanism to IEEE 802.1X, MAB waits for IEEE 802.1X to time out before validating the MAC address. During the timeout period, no network access is provided by default.
It takes 90 seconds by default for the port to start MAB.
Because of the impact on MAB endpoints, most customers change the default values of tx-period and max-reauth-req to allow more rapid access to the network.
Link: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html
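The timers mentioned in the last reply, shown as an added Cisco IOS interface configuration sketch (not part of the thread or of the linked guide). The interface name and the tuned values are constructed for illustration; the defaults assumed are tx-period 30 seconds and max-reauth-req 2, which give the 90-second delay quoted above.

```cisco
! Added example. Interface name and tuned timer values are constructed.
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 ! Try 802.1X first, fall back to MAB only after 802.1X times out
 authentication order dot1x mab
 authentication priority dot1x mab
 dot1x pae authenticator
 mab
 ! Time before fallback = (max-reauth-req + 1) * tx-period
 !   defaults: (2 + 1) * 30 s = 90 s with no network access
 !   tuned:    (2 + 1) * 10 s = 30 s before MAB starts
 dot1x timeout tx-period 10
 dot1x max-reauth-req 2
```

Timers set too low can send a slow-starting supplicant through MAB before it answers the 802.1X request, so test against the slowest 802.1X endpoints on the network before lowering them.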