HPE Aruba Certified Network Security Expert (ACNSX) — Question 31

A company has a third-party AAA server solution. The campus access layer was just upgraded to AOS-CX switches that perform access control with MAC-Auth and 802.1X. The company has an Aruba Mobility Controller (MC) solution for wireless, and they want to leverage the firewall policies on the controllers for the wired traffic.
What is correct about how the company should implement a security solution where the wired traffic is processed by the MCs?

Answer options

• A. Implement downloadable user roles with a gateway role defined on the AOS-CX switches
• B. Implement local user roles with a gateway role defined on the AOS-CX switches
• C. Implement standards-based RADIUS VSAs to pass policy information directly to the AOS-CX switches and MCs
• D. Implement downloadable user roles with a device role defined on the AOS-CX switches and MCs

Correct answer: B

Explanation

The correct answer is B because local user roles allow the AOS-CX switches to apply firewall policies directly, which is essential for wired traffic management. Option A is incorrect as downloadable roles require a different setup, while options C and D do not align with the requirement for local roles to manage wired traffic effectively through the controllers.