A company has a third-party AAA server solution. The campus access layer was just upgraded to AOS-CX switches that perform access control with MAC-Auth and 802.1X. The company has an Aruba gateway solution for wireless, and they want to leverage the firewall policies on the controllers for the wired traffic.
What is correct about how the company should implement a security solution where the wired traffic is processed by the gateways?
The company should implement local user roles with a gateway role defined on the AOS-CX switches. Downloadable user roles (DUR) are typically used with Aruba ClearPass, but since the company has a third-party AAA server, DUR is not an option here. Local user roles ensure that the necessary policies are applied locally on the switches and integrated with the gateway for wired traffic processing.
D is correct. DUR is only possible with Clearpass, but the customer has a third-party AAA server
I go with D, too. DUR is only a thing with Clearpass
Page 751 Study Guide: For example, the MC might apply MAC Auth or 802.1X — or some combination. After successful authentication, the controller applies a role to the traffic. Based on that role, it controls traffic with firewall policies and other policy actions. Finally, it forwards the packet towards its destination. [Aruba Networks]