HPE Aruba Certified Network Security Expert (ACNSX) — Question 18

Examine the output from an AOS-CX switch implementing a dynamic segmentation solution involving downloadable user roles:
Switch# show port-access role clearpass
Role information:
Name : icxarubadur_employee-3044-2

Type : clearpass -

Status: failed, parsing_failed -
Reauthentication Period :
Authentication Mode :
Session Timeout :
The downloadable user roles are not being downloaded to the AOS-CX switch. Based on the above output, what is the problem?

Answer options

• A. The certificate that ClearPass uses in invalid
• B. The AOS-CX switch does not have the ClearPass certificate involved
• C. DNS fails to resolve the ClearPass server's FQDN
• D. There is a date/time issue between the ClearPass server and the switch

Correct answer: C

Explanation

The correct answer is C because if DNS cannot resolve the ClearPass server's FQDN, the switch will fail to communicate with it to download the necessary user roles. Options A and B relate to certificate issues, which are not indicated by the parsing_failed status. Option D suggests a date/time mismatch, which is not the root cause based on the provided output.