HPE6-A73 Exam QuestionsBrowse all questions from this exam
Go to Exam

HPE6-A73 Exam - Question 100

The company has just upgraded their access layer switches with AOS-CX switches and implemented an AAA solution with ClearPass. The company has become concerned about what actually connects to the user ports on the access layer switch, Therefore, the company is implementing 802.1X authentication on the AOS-

CX switches. An administrator has globally enabled 802.1X, and has enabled it on all the access ports connected to user devices, including VoIP phones, security cameras, and wireless Aruba IAPs. Wireless users are complaining that they successfully authenticate to the IAPs; however, they do not have access to network resources. Previously, this worked before 802.1X was implemented on the AOS-CX switches.

What should the company do to solve this problem?

Show Answer
Correct Answer: A

The most appropriate solution is to implement device-based mode on the IAP-connected AOS-CX switch ports. By enabling device-based mode, the AOS-CX switch ports will recognize the access points (APs) as trusted devices and not attempt to authenticate the traffic from individual wireless clients once they are authenticated by the APs. This resolves the problem where wireless users successfully authenticate to the APs but still face access issues because the switch tries to re-authenticate their traffic, causing unnecessary authentication conflicts.

Discussion

9 comments
Sign in to comment
AlialoOption: A
Nov 7, 2022

Answer is A. C is not correct, because customer doesnt have MC, only has IAP. Here is the detail explaination from SG: The IAP itself is responsible to handle the authentication, so it would perform 802.1X authentication with the wireless clients. But then the traffic is forwarded as regular traffic on the switch port, so the switch would also attempt to perform authentication of this client. Since the 802.1X traffic of the client is terminated at the IAP, the switch would attempt to perform MAC authentication for the client MAC address. This is unnecessary and confusing, since ClearPass would see the same MAC address as 802.1X authenticated on the IAP, and MAC-authenticated on the switch port. For this scenario, the switch can be set to ‘port-based’ authentication; that is, device mode.

alex711Option: A
Feb 25, 2023

A is correct. page 759

omenOption: C
Sep 1, 2022

I think its C

RockfordOption: C
Oct 5, 2022

C A is a security concern B LUR is task intensive D must already be configured as APs, phones, cameras are already working.

SeidorBrunoOption: A
Jul 2, 2023

Page 690 Study Guide

cpfanOption: A
Sep 23, 2022

Should use device profile

Jo2241Option: A
Oct 11, 2022

Answer A: Device mode = AP authentication and all the clients don't need to authenticate anymore

E_NickOption: C
Oct 28, 2022

C is the correct answer

MrBBOption: C
Oct 29, 2022

You have clearpass so.. UBT and DUR are configurable.