What is an important consideration when implementing a dual SSID design for BYOD?
A.
After using the provisioning SSID, an ACL that used to make the client switch SSIDs forces the user to associate and traverse the network by MAC filtering.
B.
If multiple WLCs are used, the WLAN IDs must be exact for the clients to be provisioned and traverse the network correctly.
C.
SSIDs for this setup must be configured with NAC State-RADIUS NAC for the clients to authenticate with Cisco ISE, or with NAC State-ISE NAC for Cisco ISE to associate the client.
D.
One SSID is for provisioning and the other SSID is for gaining access to the network. The use of an ACL should not be enforced to make the client connect to the REAL SSID after provisioning.
B is correct:
"When implementing BYOD solutions using more than one Wireless LAN Controller, WLAN IDs must be kept consistent. WLAN ID is used by ISE in determining which WLAN (SSID) clients are using to connect to the network. Ensuring each WLAN has the same WLAN ID on each WLC is essential for proper operation and security."
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Wireless.html
Option B ("If multiple WLCs are used, the WLAN IDs must be exact") is actually a valid statement in the context of a multi-WLC BYOD deployment.
Option D is also correct, as it highlights the two-SSID approach, which is a fundamental aspect of BYOD onboarding.
Thus, the best answer in a multi-WLC BYOD setup would be:
✔ B and D together.
Good job Cisco! FU
B and C are not the correct considerations because:
Option B states that if multiple Wireless LAN Controllers (WLCs) are used, the WLAN IDs must be exact for the clients to be provisioned and traverse the network correctly. However, the consideration for implementing a dual SSID design for BYOD does not necessarily depend on the use of multiple WLCs.
Option C states that the SSIDs for this setup must be configured with specific NAC (Network Access Control) settings for the clients to authenticate with Cisco ISE (Identity Services Engine). While NAC may be a consideration in a BYOD implementation, it is not specifically related to the use of dual SSIDs.
Going with D
Centralized Campus—Dual SSID Design
n this design there are two SSIDs: one provides enrollment/provisioning and the other provides secure network access. After connecting to the BYOD_Provisioning SSID and completing the enrollment and provisioning steps, the user connects to the BYOD_Employee SSID, which provides network access over a secure EAP-TLS connection.
"After the device is provisioned, it is assumed that the user will switch to the second SSID for regular network access. To prevent the user from staying connected to the provisioning SSID, an access list that provides only access to ISE, DHCP, and DNS must be enforced on the provisioning SSID."
This section is not available anymore. Please use the main Exam Page.300-430 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Skliffi
Highly Voted 4 years, 5 months agoPawnstar
3 years, 6 months agoSorvahr
Highly Voted 4 years, 6 months agorrahim
Most Recent 2 months, 1 week agoOcsicccnp
7 months agoOcsicccnp
7 months ago[Removed]
1 year, 6 months agoAhcMez
1 year, 9 months agokthekillerc
3 years, 6 months agoGiuspe
3 years, 6 months agokosminsmile
3 years, 10 months agoPavs0490
3 years, 7 months agomaro_moh
4 years, 2 months ago