Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 248

A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?

Answer options

• A. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
• B. Create an advanced attribute setting of Cisco:cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit.
• C. Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
• D. Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit.

Correct answer: A

Explanation

The correct answer is A because tagging the guest portal in the CWA section ensures that unauthenticated devices are redirected to the appropriate guest portal for access. Options B and C do not address the need for a redirect, and option D relates to tracking device movement, which is not relevant to the redirect issue at hand.