HPE Aruba Certified ClearPass Expert (ACCX) — Question 24

A customer with an ArubaOS-CX 6300M switch is having a performance issue on the network and has received complaints about users experiencing intermittent connectivity. After performing troubleshooting, it is determined that many of the local websites on the LAN that users are unable to reach are resolved to an invalid MAC address.
What are the minimum steps that should be performed to mitigate this condition? (Choose two.)

Answer options

• A. Implement dhcpv4-snooping.
• B. Enable ‘arp inspection untrusted’ on the end-user physical ports.
• C. Enable ‘arp inspection’ on the end-user VLAN.
• D. Implement ARP ACLs to define trusted MAC address to IP bindings.
• E. Enable ‘arp inspection’ on the end-user physical ports.

Correct answer: A, B

Explanation

Implementing dhcpv4-snooping (Option A) allows the switch to keep track of IP-to-MAC address bindings, helping to prevent spoofing. Enabling ‘arp inspection untrusted’ on the end-user physical ports (Option B) protects against ARP spoofing by ensuring only trusted devices can send ARP replies. The other options do not directly address the issue of invalid MAC addresses being resolved.