Exam 300-425 topic 1 question 192 discussion

9800-CL - cloud based WLC - hash key is required in AireOS config C is not correct (control path encrypted by default)

D is correct. The Cisco Catalyst 9800 Series control path is DTLS encrypted by default. Data path DTLS can be enabled when you add the mobility peer.

C. Encrypted mobility is being used in the 5520 configuration, which causes the control path to be down: This is correct. The AireOS 5520 configuration shows that encrypted mobility is enabled. Encrypted mobility requires additional configuration steps, such as exchanging certificates between the devices, to establish a secure control path. Since the control path is down, it's likely that these additional steps have not been completed.

C. Encrypted mobility is being used in the 5520 configuration, which causes the control path to be down. Explanation: The AireOS 5520 configuration explicitly enables encrypted mobility (encrypt enable and data-dtls enable), which requires corresponding support on the 9800-CL. If the 9800-CL does not have compatible settings or the proper certificate setup, the control path will not establish correctly due to encryption mismatches. The key issue is likely related to encrypted mobility configurations not aligning properly between the devices, requiring either configuration adjustments or additional settings for compatibility.

C. Encrypted mobility is being used in the 5520 configuration, which causes the control path to be down. Explanation: The AireOS 5520 configuration explicitly enables encrypted mobility (encrypt enable and data-dtls enable), which requires corresponding support on the 9800-CL. If the 9800-CL does not have compatible settings or the proper certificate setup, the control path will not establish correctly due to encryption mismatches. The key issue is likely related to encrypted mobility configurations not aligning properly between the devices, requiring either configuration adjustments or additional settings for compatibility.