Designing Cisco Data Center Infrastructure (DCID) — Question 133
A company must integrate an iSCSI storage solution into its existing production environment. The new iSCSI network must be accessible from a limited set of network segments. The client devices follow a strict network security policy to access critical data from the storage array. Which design steps must be used to meet these requirements?
Answer options
- A. Place the iSCSI storage appliance on the core switch to isolate it in a private VLAN. Configure a token-based authentication between the storage array and the clients.
- B. Deploy the iSCSI storage appliance on the core switch in a separate VRF. Apply the session mutual authentication (CHAP) method between the targets and initiators.
- C. Connect the iSCSI storage appliance on the core switch using a dedicated port. Apply the session mutual authentication (CHAP) method between the targets and initiators.
- D. Connect the iSCSI storage appliance on the core switch in vPC mode. Configure a token-based authentication between the storage array and the clients.
Correct answer: B
Explanation
Option B is correct because deploying the iSCSI storage appliance in a separate VRF helps isolate the iSCSI traffic, and applying CHAP enhances security through mutual authentication between targets and initiators. Option A is incorrect because private VLANs do not provide the same level of access control as a VRF. Options C and D do not place the appliance in a separate VRF, which is essential for segmenting the iSCSI network securely.