Designing Cisco Enterprise Wireless Networks (ENWLSD) — Question 193

A customer has this wireless design:
• two Cisco Catalyst 9800 Series wireless controllers configured in a high-availability SSO cluster to manage APs in the local office network
• 100 APs in local mode and registered to the high-availability cluster
• one Catalyst 9800 Series wireless controller that is deployed as an anchor in a DMZ
• Cisco ISE for user authentication and authorization

The customer wants to deploy a new SSID to support staff BYOD devices and authenticate users via Cisco ISE. The SSID terminates on the anchor WLC. How must the requirement be incorporated into the design to address the AAA servers for the WLAN?

Answer options

• A. Send the AAA server accounting and authentication traffic from the high-availability cluster.
• B. Send the AAA server accounting and authentication traffic from the anchor WLC.
• C. Send the accounting traffic from the anchor WLC and the authentication traffic from the high-availability cluster.
• D. Send the accounting traffic from the high-availability cluster and the authentication traffic from the anchor WLC.

Correct answer: B

Explanation

The correct answer is B because the anchor WLC is responsible for terminating the SSID and thus should handle all AAA server traffic related to authentication and accounting. The other options incorrectly suggest routing traffic from the high-availability cluster, which would not align with the design requirement of the SSID terminating at the anchor WLC.