CCNP Security 350-701 Book

ExplanationThe profiling service issues the change of authorization in the following cases:– Endpoint deleted—When an endpoint is deleted from the Endpoints page and the endpoint is disconnectedor removed from the network.An exception action is configured—If you have an exception action configured per profile that leads to anunusual or an unacceptable event from that endpoint. The profiling service moves the endpoint to thecorresponding static profile by issuing a CoA.– An endpoint is profiled for the first time—When an endpoint is not statically assigned and profiled for the first time; for example, the profile changes from an unknown to a known profile.+ An endpoint identity group has changed—When an endpoint is added or removed from an endpoint identity group that is used by an authorization policy.The profiling service issues a CoA when there is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:

The command show authen sess int gi0/1 displays the authentication session information for the interface gi0/1, such as the MAC address, the authentication method, the authentication state, the session timeout, and the VLAN assignment. This command is useful for verifying the status of an 802.1X connection on a specific interface. The other commands are not related to 802.1X authentication. The command show authorization status displays the authorization status for the current user. The command show connection status gi0/1 is not a valid Cisco command. The command show ver gi0/1 displays the version information for the interface gi0/1. References: 802.1X Authentication Commands, Configuring IEEE 802.1x Port-Based Authentication, What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

ExplanationThe command “snmp-server user user-name group-name [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access access-list]” adds a new user (in this case “andy”) to an SNMPv3 group (in this case group name “myv3”) and configures a password for the user.In the “snmp-server host” command, we need to:+ Specify the SNMP version with key word “version {1 | 2 | 3}”+ Specify the username (“andy”), not group name (“myv3”).Note: In “snmp-server host inside …” command, “inside” is the interface name of the ASA interface through which the NMS (located at 10.255.254.1) can be reached.