Which solution should the architect recommend on the 2930M switches to authenticate and control wired employee devices?

Read this scenario thoroughly, and then answer each question that displays on the right side of the screen.
An architect proposes these products for a customer who wants a wireless and wired upgrade:
1. Aruba 2930M switches at the access layer
2. Aruba 5406R switches at the core
3. Aruba AP-325s
4. Aruba 7205 Mobility Controllers (MCs), deployed in a cluster
5. Aruba Mobility Master (MM)
6. Aruba ClearPass Cx000V
7. Aruba AirWare
The architect also needs to propose a security plan for the solution. The customer has 900 employees and up to 30 guests a day. The customer wants to protect the internal perimeter of the network with authentication and simple access controls. The customer is most concerned about wireless security, but also wants to ensure that only trusted users connect on the wire. However, the customer also wants all wired traffic to be forwarded locally on access layer switches. The customer already has a third-party firewall that protects the data center.
The customer wants to use certificates to authenticate user devices, but is concerned about the complexity of deploying the solution. The architect should recommend a way to simplify. For the most part users connect company-issued laptops to the network. However, users can bring their own devices and connect them to the network. The customer does not know how many devices each user will connect, but expects about two or three per-user. DHCP logs indicate that the network supports a maximum of 2800 devices.
Refer to the provided scenario.
Which solution should the architect recommend on the 2930M switches to authenticate and control wired employee devices?
A. MAC-Auth on edge ports and no tunneled node
B. 802.1X on edge ports and per-user tunneled node
C. 802.1X on edge ports and no tunneled node
D. Mac-Auth on edge ports and per-user tunneled node

Download Printable PDF. VALID exam to help you PASS.

4 thoughts on “Which solution should the architect recommend on the 2930M switches to authenticate and control wired employee devices?

  1. Answer is C

    Since ““However, the customer also wants all wired traffic to be forwarded locally on access layer switches. ” + they have Clearpass

    شكرا

  2. The question ask about employee connection. 802.1x support both employee and guest authentication, however it is common to combines 802.1x and user tunnel node for employees.

    Answer is B.

    1
    1
    1. Problem said “However, the customer also wants all wired traffic to be forwarded locally on access layer switches. ” so it is no tunneled mode.

  3. Since the users will be bringing their own devices to the network, MAC Auth would be difficult to manage. Best answer would be C

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.