Why this answer
The switch acts as the authenticator and forwards authentication requests to the RADIUS server, which validates the user or device credentials.
Exam trap
A common exam trap is assuming the RADIUS server handles functions beyond authentication, such as DHCP IP address assignment or ARP gateway replies. Candidates might mistakenly believe that RADIUS negotiates switchport trunking or manages Layer 2 connectivity, which it does not. This confusion often arises because RADIUS is involved in network access control but does not replace other network services.
Misunderstanding these roles can lead to selecting incorrect options that describe unrelated network functions, causing errors in the exam.
Why the other options are wrong
Option A is incorrect because the RADIUS server does not handle Layer 2 trunk negotiation. Trunking is managed by protocols such as DTP or manual switchport configuration, not by the authentication server.