An engineer is implementing RADIUS to restrict administrative control to the network with the WLC management IP address of 192.168.1.10 and an AP subnet of 192.168.2.0/24. Which entry does the engineer define in the RADIUS server?
A.
administrative access defined on the WLC and the network range 192.168.2.0/255.255.254.0
B.
NAS entry of the virtual interface and the network range 192.168.2.0/255.255.255.0
C.
shared secret defined on the WLC and the network range 192.168.1.0/255.255.254.0
D.
WLC roles for commands and the network range 192.168.1.0/255.255.255.0
I would say the correct answer should be C because the subnet given will cover both the mgmt interface and the AP range. Also the shared secret used on the WLC needs to be defined on the RADIUS.
The management IP of the WLC and the AP subnet must have be NAS entries on the RADIUS server in order for it to process the packet(s).
https://techhub.hpe.com/eginfolib/networking/docs/switches/12500/5998-4885_security_cr/content/378521628.htm#:~:text=A%20RADIUS%20server%20identifies%20a,the%20server%20processes%20the%20packet.
Evaluating Option C:
✅ "Shared secret defined on the WLC and the network range 192.168.1.0/255.255.254.0"
The shared secret between the WLC and RADIUS is required for authentication.
The subnet 192.168.1.0/23 (255.255.254.0) covers both 192.168.1.x (WLC) and 192.168.2.x (APs).
Since the APs communicate with the WLC for management and authentication, this subnet would allow both devices to be recognized within the same range.
🔹 This is indeed a correct and efficient approach, making Option C a strong contender.
Evaluating Option B:
🔸 "NAS entry of the virtual interface and the network range 192.168.2.0/255.255.255.0"
The NAS entry should be the virtual interface or management IP of the WLC.
However, limiting the subnet to only 192.168.2.0/24 means that it does not explicitly cover the WLC's management IP (192.168.1.10).
This might work for AP authentication but not necessarily for full WLC management authentication.
🚨 Potential Issue: If the WLC itself needs authentication via RADIUS, the WLC’s management IP must be within the defined range.
Final Decision:
Given that Option C includes both the WLC management IP and AP subnet, as well as the required shared secret, it is indeed the best choice.
💡 Final Answer: ✅ C. "Shared secret defined on the WLC and the network range 192.168.1.0/255.255.254.0"
NAS (Network Access Server) Entry:
The NAS entry in the RADIUS server identifies the device (in this case, the WLC) that is acting as the gateway for RADIUS authentication.
The virtual interface IP address of the WLC is typically used for this purpose.
Network Range:
The AP subnet is 192.168.2.0/24, so the network range should be defined as 192.168.2.0/255.255.255.0 to match the AP subnet.
What do You neeed for RADIUS? shared secret and IP address OR IP address range! Using a IP address range is not the best design but it will work! Keep in mind RADIUS need a "shared secret" nothing else. The given ip addres range contains the WLC and all IPs.
Careful.
192.168.1.0 /23 (192.168.0.1 - 192.168.1.254)
192.168.2.0 /23 (192.168.2.1 - 192.168.3.254)
Neither covers both AP mgmt and WLC. I actually think the AP mgmt reference is a bum steer and irrelevent.
Closest is C though.
Another ridiculous illogical question with no logical answer. Well done Cisco, well done.
upvoted 5 times
...
This section is not available anymore. Please use the main Exam Page.300-430 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Robesera
Highly Voted 2 years agodaeman
Highly Voted 2 years, 1 month agoRobesera
2 years agorrahim
Most Recent 2 months, 1 week agorrahim
2 months, 1 week agorrahim
2 months, 3 weeks ago[Removed]
9 months, 2 weeks agopeer1024
1 year, 1 month agoZanjit500
1 year, 4 months ago