Which packets are allowed on a dot1x port with no authentication open before the port goes to an authorized state?
A. DHCP, EAPOL, HTTP
B. CDP, EAPOL, STP
C. CDP, DHCP, DNS
D. CDP, EAPOL, HTTP
Which packets are allowed on a dot1x port with no authentication open before the port goes to an authorized state?
Correct answer is B.
The port starts in the unauthorized state. While the port is in this state, the port that is not configured as a voice VLAN port disallows all ingress and egress traffic except for 802.1X, Cisco Discovery Protocol, and STP packets.
When a client is successfully authenticated, the port changes to the authorized state and allows all traffic for the client to flow normally.
If the port is configured as a voice VLAN port, the port allows VoIP traffic and 802.1X protocol packets before the client is successfully authenticated. If a client that does not support 802.1X connects to an unauthorized 802.1X port, the switch requests the identity of the client. In this situation, if the client does not respond to the request, the port remains in the unauthorized state, and the client is not granted access to the network.
YES B is the correct answer,
Ports in Authorized and Unauthorized States
Depending on the switch port state, the switch can grant a client access to the network. The port starts
in the unauthorized state. While in this state, the port disallows all incoming and outgoing traffic except
for 802.1x, CDP, and STP packets. When a client is successfully authenticated, the port changes to the
authorized state, allowing all traffic for the client to flow normally.
See Page 4: https://www.cisco.com/c/en/us/td/docs/switches/metro/me3400e/software/release/12-2_55_se/configuration/guide/ME3400e_scg/sw8021x.pdf
B is correct on 100%
HTTP will definitely not be allowed
thus I would say L2 control plane Answer: B
A