An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port. Which command should be used to accomplish this task?
the redirect to ISE is standard on port 8443 (already a non-standard port)
the reason it does that is because ISE is sending the radius packet containing the redirect URL containing the port
as per best practices on the port you need to allow access to ISE like
permit tcp any host <ISE IP> eq 8443
if you want to change this to a different port you need to allow this communicaiton to ISE using the different port
personally I would't really use option A because it opens up too much but it does the trick
the other answers are not related to web authentication
A is not the answer as it doesn't do any redirection.
To configure web authentication on a non-standard port, the ip http port <port number> command should be used on the switch. This command specifies the HTTP server port number on the switch, enabling it to listen for HTTP requests on a different port than the default (which is typically port 80). When web authentication uses a non-standard port, this command ensures that traffic is redirected to the correct port.
The correct answer is B. (in general you con figure a permit any any to redirect all traffic)
HTTP Proxy Configuration
If you use an HTTP proxy for your clients, it means that your clients:
Use a unconventional port for HTTP protocol
Send all their traffic to that proxy
In order to have the switch listen on the unconventional port (for example, 8080), use these commands:
ip http port 8080
ip port-map http port 8080
You also need to configure all clients to keep using their proxy but to not use the proxy for the ISE IP address. All browsers include a feature that allows you to enter host names or IP addresses that should not use the proxy. If you do not add the exception for the ISE, you encounter a loop authentication page.
You also need to modify your redirection ACL to permit on the proxy port (8080 in this example).
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html#anc11
A is correct, you must create an ACL and do a deny for the IP of the Cisco ISE server (used in my environment on a WLC for redirection, also explained in this document: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html
To configure web authentication on a non-standard port, the ip http port <port number> command should be used on the switch. This command specifies the HTTP server port number on the switch, enabling it to listen for HTTP requests on a different port than the default (which is typically port 80). When web authentication uses a non-standard port, this command ensures that traffic is redirected to the correct port.
This section is not available anymore. Please use the main Exam Page.300-715 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MORTND
Highly Voted 1 year, 9 months agoUW
5 months, 3 weeks agoRododendron2
Most Recent 6 days, 14 hours agoCachaman
1 month, 4 weeks ago327c7c8
3 months, 3 weeks agoRedou2201
5 months agoUW
5 months, 3 weeks ago[Removed]
1 year, 4 months agoTHEODORABLE
1 year, 11 months agoCnoteone
2 years, 1 month agoIlPerdan0
2 years, 4 months ago