HPE Aruba Certified ClearPass Expert (ACCX) — Question 15

A customer with an ArubaOS-CX 6300M switch is having a performance issue on the network and has received complaints about users experiencing intermittent connectivity. After performing troubleshooting, it is determined that many of the local websites on the LAN that users are unable to reach are resolved to an invalid MAC address.
What are the minimum steps that should be performed to mitigate this condition? (Choose two.)

Answer options

• A. Implement ARP ACLs to define trusted MAC address to IP bindings.
• B. Implement dhcpv4-snooping.
• C. Enable ‘arp inspection’ on the end-user VLAN.
• D. Enable ‘arp inspection’ on the end-user physical ports.
• E. Enable ‘arp inspection untrusted’ on the end-user physical ports.

Correct answer: C, E

Explanation

The correct answers are C and E. Enabling 'arp inspection' on the end-user VLAN (C) helps ensure that only valid ARP requests and replies are processed, thus preventing invalid MAC address resolutions. Additionally, applying 'arp inspection untrusted' (E) on the physical ports allows the switch to validate ARP packets from those ports, further mitigating the risk of incorrect MAC address associations. The other options do not directly address the issue of invalid MAC addresses in the context described.