HPE6-A84 topic 1 question 4 (Page 1) — HP Certifications

Pages 1

You must login or register to post a reply

1 Topic by omen 2024-04-25 15:31:27

omen
New member
Offline

Topic: HPE6-A84 topic 1 question 4

A company has an Aruba ClearPass server at 10.47.47.8, FQDN radius.acnsxtest.local. This exhibit shows ClearPass Policy Manager's (CPPM's) settings for an Aruba Mobility Controller (MC).

The MC is already configured with RADIUS authentication settings for CPPM, and RADIUS requests between the MC and CPPM are working. A network admin enters and commits this command to enable dynamic authorization on the MC: aaa rfc-3576-server 10.47.47.8
But when CPPM sends CoA requests to the MC, they are not working. This exhibit shows the RFC 3576 server statistics on the MC:

How could you fix this issue?

A.
Change the UDP port in the MCs’ RFC 3576 server config to 3799.
B.
Enable RadSec on the MCs’ RFC 3676 server config.
C.
Configure the MC to obtain the time from a valid NTP server.
D.
Make sure that CPPM is using an ArubaOS Wireless RADIUS CoA enforcement profile.

2 Reply by [Removed] 2024-04-25 17:09:15

[Removed]
New member
Offline

Re: HPE6-A84 topic 1 question 4

I think the answer is B.
When you define RFC 3576 server you define IP address and shared key. The default value is UDP port 3799.
RADSEC (Secure RADIUS) auth port 2083 and it used Certificates.
When the TLS tunnel is established, RADIUS packets will go through the tunnel and server adds CoA on this tunnel.
By default, the TCP port 2083 is assigned for RadSec. Separate ports are not used for authentication, accounting and dynamic authorization changes.

Posts: 2

Pages 1

You must login or register to post a reply