Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 279
Wireless network users authenticate to Cisco ISE using 802.1X through a Cisco Catalyst switch. An engineer must create an updated configuration to assign a security group tag to the user’s traffic using inline tagging to prevent unauthenticated users from accessing a restricted server. The following configurations were performed:
• configured Cisco ISE as a Cisco TrustSec AAA server
• configured the switch as a RADIUS device in Cisco ISE
• configured the wireless LAN controller as a TrustSec device in Cisco ISE
• created a security group tag for the wireless users
• created a certificate authentication profile
• created an identity source sequence
• assigned an appropriate security group tag to the wireless users
• defined security group access control lists to specify an egress policy
• enforced the access control lists on the TrustSec policy matrix in Cisco ISE
• configured TrustSec on the switch
• configured TrustSec on the wireless LAN controller
Which two actions must be taken to complete the configuration? (Choose two.)
Answer options
- A. Create static IP-to-SGT mapping for the restricted web server.
- B. Configure inline tag propagation on the switch and wireless LAN controller.
- C. Configure Security Group Tag Exchange Protocol to distribute IP to security group tags on Cisco ISE.
- D. Configure Security Group Tag Exchange Protocol on the switch.
- E. Configure Security Group Tag Exchange Protocol on the wireless LAN controller.
Correct answer: A, B
Explanation
A static IP-to-SGT mapping for the restricted web server classifies the server under the appropriate security group, which is crucial for access control. Inline tag propagation on both the switch and the wireless LAN controller is necessary for the security group tags to be applied to user traffic throughout the network. Options C, D and E all configure Security Group Tag Exchange Protocol; while relevant, they do not directly complete the inline-tagging requirement specified in the question.