ExamTopics Logo
Mail Us[email protected]
Menu
Hp Discussions
exam questions

Exam HPE6-A73 All Questions

View all questions & answers for the HPE6-A73 exam
Go to Exam

Exam HPE6-A73 topic 1 question 100 discussion

Actual exam question from HP's HPE6-A73
Question #: 100
Topic #: 1
[All HPE6-A73 Questions]

The company has just upgraded their access layer switches with AOS-CX switches and implemented an AAA solution with ClearPass. The company has become concerned about what actually connects to the user ports on the access layer switch, Therefore, the company is implementing 802.1X authentication on the AOS-
CX switches. An administrator has globally enabled 802.1X, and has enabled it on all the access ports connected to user devices, including VoIP phones, security cameras, and wireless Aruba IAPs. Wireless users are complaining that they successfully authenticate to the IAPs; however, they do not have access to network resources. Previously, this worked before 802.1X was implemented on the AOS-CX switches.
What should the company do to solve this problem?

  • A. Implement device-based mode on the IAP-connected AOS-CX switch ports.
  • B. Implement local user roles and local forwarding on the AOS-CX switches.
  • C. Implement downloadable user roles and user-based tunneling (UBT) on the AOS-CX switches.
  • D. Implement AAA RADIUS change of authorization on the AOS-CX switches.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by omen at Sept. 1, 2022, 9:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SeidorBruno
11 months, 1 week ago
Selected Answer: A
Page 690 Study Guide
upvoted 2 times
...
alex711
1 year, 3 months ago
Selected Answer: A
A is correct. page 759
upvoted 3 times
...
Alialo
1 year, 7 months ago
Selected Answer: A
Answer is A. C is not correct, because customer doesnt have MC, only has IAP. Here is the detail explaination from SG: The IAP itself is responsible to handle the authentication, so it would perform 802.1X authentication with the wireless clients. But then the traffic is forwarded as regular traffic on the switch port, so the switch would also attempt to perform authentication of this client. Since the 802.1X traffic of the client is terminated at the IAP, the switch would attempt to perform MAC authentication for the client MAC address. This is unnecessary and confusing, since ClearPass would see the same MAC address as 802.1X authenticated on the IAP, and MAC-authenticated on the switch port. For this scenario, the switch can be set to ‘port-based’ authentication; that is, device mode.
upvoted 3 times
...
MrBB
1 year, 7 months ago
Selected Answer: C
You have clearpass so.. UBT and DUR are configurable.
upvoted 1 times
...
E_Nick
1 year, 7 months ago
Selected Answer: C
C is the correct answer
upvoted 1 times
...
Jo2241
1 year, 7 months ago
Selected Answer: A
Answer A: Device mode = AP authentication and all the clients don't need to authenticate anymore
upvoted 1 times
...
Rockford
1 year, 8 months ago
C A is a security concern B LUR is task intensive D must already be configured as APs, phones, cameras are already working.
upvoted 2 times
...
cpfan
1 year, 8 months ago
Selected Answer: A
Should use device profile
upvoted 1 times
...
omen
1 year, 9 months ago
Selected Answer: C
I think its C
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel