HPE Aruba Certified Network Security Expert (ACNSX) — Question 97

The company has just upgraded their access layer switches with AOS-CX switches and implemented an AAA solution with ClearPass. The company has become concerned about what actually connects to the user ports on the access layer switch, Therefore, the company is implementing 802.1X authentication on the AOS-
CX switches. An administrator has globally enabled 802.1X, and has enabled it on all the access ports connected to user devices, including VoIP phones, security cameras, and wireless Aruba IAPs. Wireless users are complaining that they successfully authenticate to the IAPs; however, they do not have access to network resources. Previously, this worked before 802.1X was implemented on the AOS-CX switches.
What should the company do to solve this problem?

Answer options

• A. Implement device-based mode on the IAP-connected AOS-CX switch ports.
• B. Implement local user roles and local forwarding on the AOS-CX switches.
• C. Implement downloadable user roles and user-based tunneling (UBT) on the AOS-CX switches.
• D. Implement AAA RADIUS change of authorization on the AOS-CX switches.

Correct answer: A

Explanation

The correct answer is A, as implementing device-based mode allows the switch ports to recognize the types of devices connected, which can facilitate proper access for VoIP phones and IAPs. The other options either do not address the specific issue of identifying devices connected to the ports or introduce unnecessary complexity without solving the immediate problem of network resource access for wireless users.