nerdexam
Cisco

300-430 · Question #310

An engineer is configuring wireless guests using Cisco CWA. When a device connects, it must be redirected to the WebAuth, but this was failing. What must be configured for the device to be redirected

The correct answer is A. Configure the ACL name on the anchor controller.. In Cisco Central Web Authentication (CWA), the redirect ACL must be configured on the anchor controller so the WLC can apply the redirect policy to unauthenticated guest clients.

Wireless Security and Mobility

Question

An engineer is configuring wireless guests using Cisco CWA. When a device connects, it must be redirected to the WebAuth, but this was failing. What must be configured for the device to be redirected correctly?

Options

  • AConfigure the ACL name on the anchor controller.
  • BEnabled DHCP option 7.
  • CAllow ICMP toward the portal.
  • DRemove the CN entry from the SAN.

How the community answered

(46 responses)
  • A
    72% (33)
  • B
    4% (2)
  • C
    15% (7)
  • D
    9% (4)

Why each option

In Cisco Central Web Authentication (CWA), the redirect ACL must be configured on the anchor controller so the WLC can apply the redirect policy to unauthenticated guest clients.

AConfigure the ACL name on the anchor controller.Correct

In a CWA deployment using a foreign-anchor topology, the redirect ACL name returned by the AAA server in the Access-Accept message must be configured locally on the anchor WLC. Without a matching ACL on the anchor controller, the WLC cannot enforce the redirect policy and the client will not be sent to the WebAuth portal.

BEnabled DHCP option 7.

DHCP option 7 specifies log server addresses and has no role in web authentication redirection for CWA deployments.

CAllow ICMP toward the portal.

Allowing ICMP toward the portal is not a requirement for CWA redirection - the redirect mechanism is HTTP-based and does not depend on ICMP reachability.

DRemove the CN entry from the SAN.

Removing a CN entry from the SAN field is a certificate management action unrelated to the ACL-based redirect configuration required for CWA.

Concept tested: Cisco CWA redirect ACL on anchor controller

Source: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200529-Configure-Central-Web-Authentication-on.html

Topics

#CWA#web authentication redirect#anchor controller ACL#guest access

Community Discussion

No community discussion yet for this question.

Full 300-430 Practice