Exam 200-301 topic 1 question 841 discussion

Never heard of NAS-ID until now :O

D is the only answer that makes sense

C is correct - When users connect to the same SSID ("Office") across multiple locations, their access level must remain consistent. To achieve this, the NAS-ID (Network Access Server Identifier) must be the same across all branch networks. The NAS-ID (Network Access Server Identifier) is a unique identifier sent by an access point (AP) or controller to the RADIUS server during authentication. It helps RADIUS servers distinguish authentication requests from different locations while applying the same policies across all branches. If the NAS-ID is the same at all locations, the RADIUS server can enforce the same access level for all users, regardless of their physical location. C is incorrect - While security policies are important, they apply per site unless enforced by a central authentication system like RADIUS with NAS-ID.

The NAS-ID (Network Access Server Identifier) configuration ensures that users connecting to the same SSID (“Office”) at different locations are recognized and provided with the same access level. This identifier helps in maintaining consistent access policies across multiple branch offices

i think it's c

Cisco uses big words to confuse us. Actually these terms refer to simple things. Radio policy - It's just 802.11a/b/g/n. We call them WiFi versions or WiFi standards in human language. Security policy - WPA, WPA2, WPA3, RADIUS, 802.11X etc - We call it authentication and encryption method in human language. "Profile name" is already human language, no need to translate. So the answer is C - NAS-ID configuration, which tells the WLC to process authentication and authorisation using a network access server. The authorisation part decides what access level to grant to a user. Sorry, I can't find an official document describing this scenario. If you find one please let us know.

C is correct.

Network access server identifier (NAS-ID) is used to notify the source of a RADIUS access request, which enables the RADIUSservertochooseapolicyforthat request. ' You can configure one on each WLANprofile, VLANinterface, or access point group. The NAS-ID is sent to the RADIUS server by the controller through an authentication request to classify users to different groups. This enables the RADIUS server to send a customized authentication response.

D is correct

I think it Profile Name

"You can configure a network access server identifier (NAS-ID) for each WLAN profile, VLAN interface, or AP group. NAS-ID is a string that is sent to the RADIUS server by the controller through an authentication request to classify users to different groups so that the RADIUS server can send a customized authentication response." After being classified into those groups, RADIUS can then determine and enforce access policies. "If a RADIUS server authenticates the User successfully, the RADIUS server returns configuration information to the NAS so that it can provide network service to the user. This configuration information is composed of "authorizations" and contains, among others, the type of service NAS may provide to the User (for example, PPP, or telnet)."

In order for every user who connects to the SSID “Office” at any location to have the same access level, the security policies (D) must be set the same on each network. Security policies determine the permissions of users accessing the network. Therefore, to provide the same level of access at all locations, the same security policies must be applied at each location. This can include user authentication, data encryption, network access control, etc. This way, users will have the same level of access when connecting to the “Office” SSID, regardless of their location.

The question was about setting the same access level for users connecting to the "Office" SSID at different locations. The NAS-ID is a way to classify users into different groups or policies on a RADIUS server based on attributes sent by the NAS, but it doesn't inherently ensure the same access level for all users connecting to the "Office" SSID across multiple locations. A profile name in a Wi-Fi network context typically refers to a configuration profile that defines various settings for a specific SSID, including security settings, authentication methods, access policies, and other network parameters. By ensuring that the profile name is consistent across all branch offices, the administrator is effectively making sure that users connecting to the "Office" SSID will have the same access level and experience, regardless of their physical location.

Going with D, since NAS-ID configuration is not purely to do with WIFI. NAS-ID is used to notify the source of a RADIUS access request, which enables the RADIUS server to choose a policy for that request.

why B is not the answer? As long as they have the same profile name, they are under the same instance, so the access should be the same?

D. security policies must be set the same on each network to meet the requirement of providing every user who connects to the SSID at any location with the same access level. Security policies define the level of access granted to users on the network, including authentication, encryption, and authorization rules. By ensuring that the same security policies are applied to the SSID at all locations, the administrator can ensure that users have the same level of access, regardless of which branch office they are connecting from. Radio policies (A) control the radio settings of the Wi-Fi network, such as channel, power, and data rates. Profile name (B) refers to the name assigned to a specific network configuration profile. NAS-ID configuration (C) is a setting used in RADIUS authentication, which is not directly related to Wi-Fi network access levels.

Not sure if the answer is C or D...