Which statement about 802.1X security profiles using MAC-based authentication mode is true? (Choose one answer)

A. FortiSwitch allows connectivity to all hosts connected to a port, if one host is authenticated.
B. FortiSwitch can grant each device a different access level based on the credentials provided.
C. FortiSwitch performs faster when using this security mode on the ports.
D. FortiSwitch must communicate with the RADIUS server to authenticate devices.

Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments

javaughn Bryan 2025-10-02 20:01:33

Selected Answers: B

To configure 802.1X authentication on FortiSwitch, you must first create a security policy. When you configure a security policy, you must select Port-based or MAC-based in the Security mode field. Port-based is preferred when you expect a single host per port to authenticate, even though there may be multiple hosts connecting to the same port. Under this scenario, FortiSwitch authenticates a single host, and opens the port to other devices behind the port. A use case for this scenario could be an access point (AP). After the AP authenticates against the switch, any of its connected devices can access the network despite them using a different MAC address from the one used by the AP during authentication. In addition, all devices are granted the same access level assigned to the AP. However, if you want to authenticate each device behind a port, and optionally, grant each device a different access level based on the credentials provided, then MAC-based is required. Security-wise, MAC-based is preferred because each host (or MAC address) behind the port must authenticate for accessing the network. Performance-wise, port-based is better because only a single host is required to authenticate.

PAGE: 232