AOS-Switches authenticate guests to ClearPass with captive portal. When guests first connect their device to the network, they are redirected to a captive portal in which they log in. ClearPass then stores the guest MAC addresses, and the guests are permitted access. Due to a conflict, the network administrator needs to change the dynamic authorization port, port 3799 on Aruba ClearPass.
If the administrator forgets to also change the port on one of the AOS-Switches, what will be one symptom?
When the network administrator changes the dynamic authorization port on ClearPass but forgets to also change it on the AOS-Switches, the switch won't accept the Change of Authorization (CoA) messages from ClearPass. As a result, even after guests successfully authenticate in the captive portal, the switch can't update their access state. This means the guests might be redirected back to the portal page instead of getting the appropriate network access.
The correct answer is "B". It is important that the switch is set up to accept this message. You must enable dynamic authorization when you specify ClearPass as the RADIUS server, and you must make sure that the port is correct. The default dynamic authorization port on both AOS-Switches and ClearPass is 3799. (If the switch does not accept the CoA message, the client will not reauthenticate).
I think correct answer is B
D is the good one.