An engineer designs a new wireless network that uses a Cisco Catalyst 9800 Series wireless controller. The controller must be in a DMZ. The internal network is to be at the main on-premises data center of the customer. In addition, the customer wants to establish an EoIP tunnel to a Cisco 5520 WLC that is in a regional office. How must this requirement be incorporated into the design?
To meet the requirement of incorporating an EoIP tunnel between the Cisco Catalyst 9800 Series wireless controller and the Cisco 5520 WLC, the design should consider encryption of the data plane. Using Cisco IOS-XE code that supports encryption of the data plane on the Catalyst 9800 WLC will provide the necessary security for data transmission over the EoIP tunnel. Encryption of the data plane ensures that data packets remain secure as they travel across potentially insecure networks, such as the DMZ and the regional office connection.
On the 9800 WLC, control plane encryption is always enabled, which means that you need to have secure mobility enabled on the AireOS side. However, data link encryption is optional. If you enable it on the 9800 side, enable it on AireOS with: config mobility group member data-dtls enable https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213913-building-mobility-tunnels-on-catalyst-98.html
B is correct