Explanation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se
/configuration/guide/scg3750/sw8021x.pdf
The protocol that is used between an endpoint and a switch with an 802.1 authentication is EAP, which stands for Extensible Authentication Protocol. EAP is a framework that defines how the endpoint (also called the supplicant) and the switch (also called the authenticator) exchange authentication messages over a wired or wireless network. EAP supports various authentication methods, such as passwords, certificates, tokens, or biometrics, and can be encapsulated in different transport protocols, such as RADIUS, Diameter, or EAPOL. EAP is used in 802.1X authentication, which is a standard for port-based network access control that prevents unauthorized access to a network1.
The other options, TACACS, MAB, and RADIUS, are not protocols that are used between an endpoint and a switch with an 802.1 authentication. TACACS is a protocol that provides remote authentication and authorization for network devices, such as routers or switches, but it is not used for endpoint authentication. MAB is a technique that uses the MAC address of an endpoint as a credential for 802.1X authentication, but it is not a protocol itself. RADIUS is a protocol that provides centralized authentication, authorization, and accounting for network access, but it is not used directly between the endpoint and the switch, but rather between the switch and the authentication server1. References := : 2: What Is 802.1X Authentication? How Does 802.1x Work? - Fortinet2, 1: IEEE 802.1X - Wikipedia1
