You are designing an Aruba ClearPass Policy Manager (CPPM) solution for a customer. You learn that
the customer has a Palo Alto firewall that filters traffic between clients in the campus and the data
center.
Which integration can you suggest?
Question No 2
Refer to the scenario.
A customer has an Aruba ClearPass cluster. The customer has AOS - CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM). Switches are using local port - access policies. The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the “eth - internet" role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20. The plan for the enforcement policy and profiles is shown below
The gateway cluster has two gateways with these IP addresses • Gateway 1 o VLAN 4085 (system IP) = 10.20.4.21 o VLAN 20 (users) = 10.20.20.1 o VLAN 4094 (WAN) = 198.51.100.14 • Gateway 2 o VLAN 4085 (system IP) = 10.20.4.22 o VLAN 20 (users) = 10.20.20.2 o VLAN 4094 (WAN) = 198.51.100.12 • VRRP on VLAN 20 = 10.20.20.254 The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster. You are setting up the UBT zone on an AOS - CX switch. Which IP addresses should you define in the zone?
Question No 3
Refer to the scenario. A customer requires these rights for clients in the “medical - mobile” AOS firewall role on Aruba Mobility Controllers (MCs) Permitted to receive IP addresses with DHCP Permitted access to DNS services from 10.8.9.7 and no other server Permitted access to all subnets in the 10.1.0.0/16 range except denied access to 10.1.12.0/22 Denied access to other 10.0.0.0/8 subnets Permitted access to the Internet Denied access to the WLAN for a period of time if they send any SSH traffic Denied access to the WLAN for a period of time if they send any Telnet traffic Denied access to all high - risk websites External devices should not be permitted to initiate sessions with “medical - mobile” clients, only send return traffic. The exhibits below show the configuration for the role.
There are multiple issues with this configuration. What is one change you must make to meet the scenario requirements? (In the options, rules in a policy are referenced from top to bottom. For example, “medical - mobile” rule 1 is “ipv4 any any svc - dhcp permit,” and rule 8 is “ipv4 any any any permit”.)
Question No 4
A company has an Aruba ClearPass server at 10.47.47.8, FQDN radius.acnsxtest.local. This exhibit shows ClearPass Policy Manager's (CPPM's) settings for an Aruba Mobility Controller (MC).
The MC is already configured with RADIUS authentication settings for CPPM, and RADIUS requests between the MC and CPPM are working. A network admin enters and commits this command to enable dynamic authorization on the MC aaa rfc - 3576 - server 10.47.47.8 But when CPPM sends CoA requests to the MC, they are not working. This exhibit shows the RFC 3576 server statistics on the MC
How could you fix this issue?
Question No 5
Refer to the scenario.
A customer requires these rights for clients in the “medical - mobile” AOS firewall role on Aruba
Mobility Controllers (MCs)
Permitted to receive IP addresses with DHCP
Permitted access to DNS services from 10.8.9.7 and no other server
Permitted access to all subnets in the 10.1.0.0/16 range except denied access to 10.1.12.0/22
Denied access to other 10.0.0.0/8 subnets
Permitted access to the Internet
Denied access to the WLAN for a period of time if they send any SSH traffic
Denied access to the WLAN for a period of time if they send any Telnet traffic
Denied access to all high - risk websites
External devices should not be permitted to initiate sessions with “medical - mobile” clients, only
send return traffic.
The exhibits below show the configuration for the role.
What setting not shown in the exhibit must you check to ensure that the requirements of the
scenario are met?