A network administrator wants to use dynamic VLAN assignment from Cisco ISE. Which option must be configured on the switch to support this?
A. AAA authentication
B. VTP
C. DTP
D. AAA authorization
Which option must be configured on the switch to support this?
I have to lean,more towards Answer D
The 802.1X framework provides authentication and authorization of clients that seek network access. The authorization features include the following:
VLAN assignment: With VLAN assignment, the authentication server can associate a VLAN with a particular user or group, and instruct the switch to dynamically assign the authenticated user into that VLAN. If your organization uses an access control method that is based on different VLANs (with routed ACLs or a firewall system configured egress to the VLANs), this method can easily provide strong access control and auditing within an enterprise network.
ACL assignment: With ACL assignment, the authentication server can associate an ACL with a particular user or group, and instruct the NAD to dynamically assign the ACL to the session of the user. This mechanism provides a very granular access control method because it extends to the port level.
Time-based access: With time-based access, the authentication server can control the times at which a certain user is allowed to connect to the network.
Cisco TrustSec: Security group access provides topology-independent, scalable access control. With security group access, the ingress switches classify data traffic for a particular role and tag the traffic with security group tags. The egress network devices evaluate the security group tags and perform filtering by applying the appropriate security group ACLs to the packets.
D is the answer. Dynamic VLAN assignment is a authorization component. It happened after authenticating.
A is the correct answer.
Dynamic VLAN assignment is one such feature that places a wireless user into a specific VLAN based on the credentials supplied by the user. This task of assigning users to a specific VLAN is handled by a RADIUS authentication server, such as CiscoSecure ACS. This can be used, for example, to allow the wireless host to remain on the same VLAN as it moves within a campus network.
Source: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/71683-dynamicvlan-config.html