ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-701 All Questions

View all questions & answers for the 350-701 exam
Go to Exam

Exam 350-701 topic 1 question 346 discussion

Actual exam question from Cisco's 350-701
Question #: 346
Topic #: 1
[All 350-701 Questions]

A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?

  • A. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
  • B. Create an advanced attribute setting of Cisco:cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit.
  • C. Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
  • D. Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Lacko9 at Oct. 17, 2022, 3:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Lacko9
Highly Voted 2 years, 8 months ago
Selected Answer: A
I believe it should be A based on: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216330-ise-self-registered-guest-portal-configu.html
upvoted 10 times
smartcarter
2 years, 7 months ago
Hi. From the link you posted, the answer is C. The Access-List created on the WLC must be referenced in the Common task section of the ISE to allow guest redirection work. Ans is C.
upvoted 5 times
zimmer54
2 years, 4 months ago
You can't put the WLC ACL name on Airespace ACL. Correct A
upvoted 2 times
Joseph47
2 years, 4 months ago
at ISE > Common Task > Wireless LAN Controller (WLC)—To choose, select the check box and enter an ACL name in the text field https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_authz_polprfls.html#wp1082783
upvoted 1 times
Joseph47
2 years, 4 months ago
so C is correct
upvoted 4 times
...
...
...
...
...
kloug
Most Recent 7 months, 4 weeks ago
Answer a
upvoted 1 times
...
LTLnetworker
1 year, 4 months ago
Selected Answer: A
it is not a DACL, it is an ACL in WLC AireSpace that name must match the ACL name in ISE
upvoted 2 times
...
XBfoundX
1 year, 8 months ago
The only one that can be right is A. A dynamic ACL does not redirect traffic is just saying you are allowed to reach that traffic, for redirecting the traffic in the common task you select the type of portal hotspot, cwa and so one, after that you write by yourself the redirect-acl and then you select the specific portal. You will not use the DACL for redirecting the traffic.
upvoted 2 times
...
nep1019
1 year, 10 months ago
Selected Answer: A
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html#toc-hId-881505252 Search for authorization profile and it's step 2. DACL isn't an ACL everyone ;)
upvoted 3 times
...
unclemonkeyboy
2 years ago
Selected Answer: A
Not to muddy the waters here, But C can't be it because it references a DACL (Downloadable ACL). Which if it is referencing an ACL that is already created on the WLC, it would use a DACL. It would just reference the already created ACL. https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216330-ise-self-registered-guest-portal-configu.html
upvoted 4 times
unclemonkeyboy
2 years ago
I meant, "It wouldn't use a DACL".
upvoted 2 times
...
nep1019
1 year, 10 months ago
It's discretionary ACL, but yeah, based on the doc, it's an ACL and not a DACL that gets applied.
upvoted 1 times
...
...
majster88
2 years, 1 month ago
Selected Answer: A
The correct answer is A. I know this from a practise.
upvoted 4 times
...
johnnybgud
2 years, 1 month ago
Answer is A. The devices arent being redirected and instead have full access. You need to update the authorization profile to enable CWA redirection. This will ensure that they are placed in a URL_Redirect state that limits their access to the CWA portal. No ACL / DACL required for this state...
upvoted 1 times
majster88
2 years, 1 month ago
That's correct. Anyone who configured Guest Access with ISE and WLC at least once knows that. The C is wrong
upvoted 1 times
...
...
bigjostie
2 years, 1 month ago
Selected Answer: C
C: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216330-ise-self-registered-guest-portal-configu.html
upvoted 3 times
...
tramollaaaa
2 years, 2 months ago
Selected Answer: C
C is correct
upvoted 2 times
...
sull3y
2 years, 3 months ago
A. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit. In order to redirect guest endpoints to the guest portal for authentication and authorization, the engineer must tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit. This will ensure that the endpoints are redirected to the portal for authentication and authorization before gaining full access to the network.
upvoted 3 times
...
khinesheinwin
2 years, 3 months ago
Selected Answer: C
C is correct
upvoted 3 times
...
luisseijuro
2 years, 4 months ago
Selected Answer: C
Guest-Portal (with redirection to Guest portal Cisco_Guest and a Redirect ACL named GuestRedirect). This GuestRedirect ACL was created earlier on WLC. https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216330-ise-self-registered-guest-portal-configu.html
upvoted 3 times
...
Jamesy
2 years, 5 months ago
I vote for A. Cheers
upvoted 1 times
...
Emlia1
2 years, 6 months ago
C ????
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel