Cisco Certified Internetwork Expert (CCIE) 2025 – 400 Free Practice Questions to Pass the Exam

The command "authentication port-control auto" is the correct choice for enabling 802.1X authentication on an interface because it configures the port to control the authentication process automatically. When set to "auto," the port will transition between locked and open states based on the authentication status of the connected device. This process allows for the dynamic control of network access, which is fundamental to 802.1X operations.

In the context of 802.1X, this command facilitates the role of the switch port as a gatekeeper for devices attempting to access the network. When a device connects to a port configured with this command, the port initially remains in a "forced unauthorized" state. The port then listens for authentication information from the device, and if the credentials are valid, the port transitions to an "authorized" state, allowing network access.

Other options serve different functions that are not directly related to enabling the 802.1X authentication on an interface. The "aaa authorization auth-proxy default" command is used to configure the authorization for applications using HTTP proxy, but it does not initiate the authentication process itself. Similarly, "aaa authorization network default group tacacs+" is related to TACACS+ for user authorization, not port-based