Which 802.1x command is needed for dACL to be applied on a switch port?

A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication port-control auto
D. radius-server vsa send authentication
E. aaa authorization network default group radius


5 thoughts on “Which 802.1x command is needed for dACL to be applied on a switch port?”

  1. Answer E

    I think both “radius-server vsa send” and “aaa authorization network default group radius” are needed for ACL to be applied to the port.

    “radius-server vsa send” allows AV pairs to be sent between NAS and RADIUS server.

    The downloadable IP Access-lists use the Cisco Attribute Value Pair (AVP) “ip:inacl”
    Example: ip:inacl#100=permit ip any 172.20.254.0 0.0.0.255
    ip:inacl#200=deny ip any any

    The command “radius-server vsa send authentication” only sends authentication-specific attributes. The command should be “radius-server vsa send”, which sends both authentication and accounting.

    The “aaa authorization network default group radius” command is needed to govern network authorizations via RADIUS (VLAN / ACL assignment).

    https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-731907.html
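
A configuration check for the commands listed in the question and discussed in the comment above, as an added example that is not part of the original page or of the comment. The `audit` function, the constructed running-config, exact-line matching, and the rule that only ports with `switchport mode access` are checked are assumptions made for illustration.

```python
import re

# Commands named in the question and comment, grouped by the config mode IOS accepts them in.
GLOBAL_CMDS = ("aaa authorization network default group radius",
               "radius-server vsa send authentication",
               "dot1x system-auth-control")
PORT_CMDS = ("dot1x pae authenticator", "authentication port-control auto")

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
dot1x system-auth-control
radius-server vsa send authentication
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 switchport mode access
 authentication port-control auto
!
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def audit(config):
    """Return (missing global commands, {access port: missing port commands})."""
    global_lines, ports, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith(" "):               # indented: belongs to the open interface
            if current:
                ports[current].add(line)
            continue
        m = re.match(r"interface (\S+)", line)
        current = m.group(1) if m else None   # any unindented line closes the block
        if current:
            ports[current] = set()
        else:
            global_lines.add(line)
    missing_global = [c for c in GLOBAL_CMDS if c not in global_lines]
    missing_ports = {name: [c for c in PORT_CMDS if c not in lines]
                     for name, lines in ports.items()
                     if "switchport mode access" in lines}   # skip trunks/uplinks
    missing_ports = {n: gaps for n, gaps in missing_ports.items() if gaps}
    return missing_global, missing_ports

print(audit(SAMPLE_CONFIG))
```

On the sample, the check reports the missing `aaa authorization network default group radius` line globally and the missing `dot1x pae authenticator` on GigabitEthernet1/0/2.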
