300-430 · Question #317
An engineer must set up EAP-TLS authentication on all Cisco FlexConnect APs in local authentication mode. Which certificates must be added to allow seamless roaming?
The correct answer is C. client and controller root CA. In FlexConnect local authentication with EAP-TLS, clients must validate the RADIUS server’s (controller’s) certificate, and the controller must validate the client’s certificate. To support seamless roaming, both the client certificate and the controller’s root CA certificate mus
Question
An engineer must set up EAP-TLS authentication on all Cisco FlexConnect APs in local authentication mode. Which certificates must be added to allow seamless roaming?
Options
- Acontroller and AP root CA
- Bclient and AP root CA
- Cclient and controller root CA
- DAP and controller root CA
How the community answered
(45 responses)- A7% (3)
- B27% (12)
- C58% (26)
- D9% (4)
Explanation
In FlexConnect local authentication with EAP-TLS, clients must validate the RADIUS server’s (controller’s) certificate, and the controller must validate the client’s certificate. To support seamless roaming, both the client certificate and the controller’s root CA certificate must be added so mutual authentication works properly across FlexConnect APs.
Topics
Community Discussion
No community discussion yet for this question.