Cisco
300-365 · Question #89
300-365 Question #89: Real Exam Question with Answer & Explanation
The correct answer is B: UDP ports 16666 and IP protocol 97 on the firewall. Anchoring guest traffic to a DMZ controller requires opening the correct firewall ports for the EoIP mobility tunnel and configuring a mobility anchor relationship with a controller in the isolated DMZ network.
Question
A security engineer wants all guest users to be terminated on the DMZ of their firewall. Which two configurations must be implemented to fulfill this new requirement? (Choose two.)
Options
- A. TCP port 16666 and 16113 in an ACL on the controller
- B. UDP ports 16666 and IP protocol 97 on the firewall
- C. a mobility group with a controller in an isolated network on the firewall
- D. an RF group with a controller in an isolated network on the firewall
- E. UDP ports 1812 and 1645 in an ACL on the controller
Explanation
Anchoring guest traffic to a DMZ controller requires opening the correct firewall ports for the EoIP mobility tunnel and configuring a mobility anchor relationship with a controller in the isolated DMZ network.
Common mistakes.
- A. TCP is not used for the EoIP mobility tunnel; the correct transport is UDP 16666 combined with IP protocol 97, not TCP ports 16666 and 16113.
- D. An RF group coordinates RF management such as DCA and TPC between controllers and has no role in guest traffic anchoring or firewall traversal.
- E. UDP ports 1812 and 1645 are standard RADIUS authentication and accounting ports and are not required for the inter-controller EoIP mobility tunnel.
Concept tested. Guest anchor controller DMZ deployment and firewall ports