A customer requires wireless traffic from the branch to be routed through the firewall at corporate headquarters. A RADIUS server is in each branch location. Which Cisco FlexConnect configuration must be used?
I can clearly say that I found the options on WLC 9800.
Within Policy Profile: Central Switching, Central Authentication, Central DHCP, Central Association. Each option can be set to on (enabled) or off (disabled)
The option to define a local RADIUS server or local users as well is within the flex profile.
The solution “local authentication and central switching“ is possible on WLC 9800.
Since the requirement is to route all wireless traffic through the HQ firewall, we need central switching (which sends all traffic to the HQ controller first).
✅ Local authentication (since RADIUS is at each branch).
✅ Central switching (to ensure traffic is sent to HQ).
💡 Final Answer: 🔹 D. Local authentication and central switching
Where is the information about where the WLC is located? If the WLC is in the cloud or another location but not in HQ? The traffic should go through the firewall to the HQ, the RADIUS is in the location.
Local auth/local switch
(C)
A RADIUS server is in each branch location. -----> local authentication
traffic through the firewall at corporate headquarters -----> central switching
Interesting thing is that the guys Gold Leader ignored the WLC 9800 and are still using AirOS. Is ths an AirOS or IOS XE related question?
I believe you are correct. The valid functional states are
Central auth/central switch
Central auth/local switch
Local auth/local switch
Auth Local/switch central is not a valid state
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/flexconnect.html#ID42
https://wlanlessonslearned.wordpress.com/tag/flexconnect/
Another ambiguous question with subjective answers.
I suspect they are looking for D.
If you were to overthink it though, you could argue that local auth + local switching would cause traffic to go over the WAN and presumably hit the main HQ firewall. But maybe traffic exiting the WLC centrally also goes via a FW. Who knows?
The Flexgroup is however the right place to configure your choice of local AAA servers,
B is correct
There is NO local authentication/central switching in flexconnect state
refer : https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/flexconnect.html#:~:text=192.168.201.226%20255.255.255.229%0Aend%0A!-,Configuring%20the%20Controller%20for%20FlexConnect,-You%20can%20configure
This section is not available anymore. Please use the main Exam Page.300-430 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
peer1024
Highly Voted 1 year, 4 months agorrahim
Most Recent 2 months, 1 week agoBobydigital
5 months, 2 weeks agopeer1024
1 year, 1 month agoGoldLeader
1 year, 3 months agoBrockHarbor
1 year, 2 months agoZanjit500
1 year, 4 months agoyrzy
1 year, 7 months agorph02533
1 year, 10 months agoyrzy
1 year, 7 months ago