HPE Aruba Certified ClearPass Expert (ACCX) — Question 32

You are providing consulting services to a customer who has recently deployed a pair of ArubaOS-CX 8320s utilizing the VSX feature. Your task is to explain how the customer can harden the ArubaOS-CX operating system and protect the control plane.
Which statements about control plane polices are true? (Choose two.)

Answer options

• A. To protect the 00B port, the CoPP policy must be applied to the loopback interface.
• B. The default CoPP is always applied at first boot.
• C. Default CoPP policy applies to default VRF, and a same or new policy can be applied to custom VRF when they are created.
• D. The amount of individual CoPP entries is limited, and only one policy can be active at a time.
• E. IPv4 and IPv6 traffic requires separate CoPP policies and can have different thresholds for each type of traffic.

Correct answer: A, C

Explanation

The correct statements are A and C. Statement A is correct because the CoPP policy must be applied to the loopback interface to protect the control plane. Statement C is accurate as the default CoPP policy applies to the default VRF, and a new policy can indeed be applied to a custom VRF. The other options are incorrect; B is wrong because the default CoPP policy is not always applied at first boot, D is incorrect since multiple CoPP policies can exist, and E is wrong as IPv4 and IPv6 can share the same CoPP policy.