HPE Aruba Certified Network Security Expert (ACNSX) — Question 114

A company has a third-party AAA server solution. The campus access layer was just upgraded to AOS-CX switches that perform access control with MAC-Auth and 802.1X. The company has an Aruba gateway solution for wireless, and they want to leverage the firewall policies on the controllers for the wired traffic.
What is correct about how the company should implement a security solution where the wired traffic is processed by the gateways?

Answer options

• A. Implement standards-based RADIUS VSAs to pass policy information directly to the AOS-CX switches and gateways.
• B. Implement downloadable user roles with a gateway role defined on the AOS-CX switches.
• C. Implement downloadable user roles with a device role defined on the AOS-CX switches and gateways.
• D. Implement local user roles with a gateway role defined on the AOS-CX switches.

Correct answer: D

Explanation

The correct answer is D because implementing local user roles with a gateway role on the AOS-CX switches allows for effective control of wired traffic using the existing firewall policies. Options A, B, and C are incorrect as they involve downloadable roles or RADIUS VSAs that do not directly support the requirement for local user roles with specific gateway roles in this scenario.