200-301 Question #1414: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. A network engineer must configure the WLC to allow only DHCP and DNS packets for User1 and User2. Which configuration must be used?

Options

• AEnable Web Authentication for 802.1X standard in the Layer 2 Security configuration
• BEnable Fallback Policy with MAC filtering under the Layer 3 Security configuration
• CEnable Web policy and Authentication in the Layer 3 Security configuration.
• DEnable Web Authentication under the AAA Server configuration on the WLAN.

Explanation

To allow only DHCP and DNS traffic for unauthenticated users (User1 and User2) on a WLC, the engineer should configure Layer 3 Web Policy and Authentication.

Common mistakes.

• A. Web Authentication is a Layer 3 process, while 802.1X is Layer 2, and this combination is not the primary mechanism for setting specific pre-authentication traffic policies.
• B. Fallback Policy with MAC filtering provides a different security function for client authentication and device identification, but it does not granularly control pre-authentication traffic to permit only DHCP and DNS.
• D. Enabling Web Authentication under the AAA Server configuration is about integrating with the authentication server, not about defining the traffic policy for unauthenticated clients on the WLC itself.

Concept tested. WLC Layer 3 Web Policy (Captive Portal pre-authentication access)

Reference. https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/b_cg85_chapter_01101.html

No community discussion yet for this question.