CCDE: Cisco Certified Design Expert (Practical) — Question 28

Company XYZ uses an office model where the employees can use any open desk and plug their laptops in. They want to authenticate the end users using their domain username and password before allowing them access to the network. The design must also accommodate the ability of controlling traffic within the same group or subnet if a macro (or micro) segmentation-based model is adopted in the future. Which protocol can be recommended for this design to authenticate end users?

Answer options

• A. LDAP
• B. EAP
• C. TACACS+
• D. RADIUS

Correct answer: D

Explanation

RADIUS is the correct choice because it allows for centralized authentication, authorization, and accounting for users accessing the network, which aligns with the company's requirements. LDAP is primarily for directory services, while TACACS+ is more suited for device administration rather than user authentication. EAP is a framework for network access but does not provide the full authentication service on its own like RADIUS does.