nerdexam
Cisco

300-430 · Question #317

An engineer must set up EAP-TLS authentication on all Cisco FlexConnect APs in local authentication mode. Which certificates must be added to allow seamless roaming?

The correct answer is C. client and controller root CA. In FlexConnect local authentication with EAP-TLS, clients must validate the RADIUS server’s (controller’s) certificate, and the controller must validate the client’s certificate. To support seamless roaming, both the client certificate and the controller’s root CA certificate mus

FlexConnect

Question

An engineer must set up EAP-TLS authentication on all Cisco FlexConnect APs in local authentication mode. Which certificates must be added to allow seamless roaming?

Options

  • Acontroller and AP root CA
  • Bclient and AP root CA
  • Cclient and controller root CA
  • DAP and controller root CA

How the community answered

(45 responses)
  • A
    7% (3)
  • B
    27% (12)
  • C
    58% (26)
  • D
    9% (4)

Explanation

In FlexConnect local authentication with EAP-TLS, clients must validate the RADIUS server’s (controller’s) certificate, and the controller must validate the client’s certificate. To support seamless roaming, both the client certificate and the controller’s root CA certificate must be added so mutual authentication works properly across FlexConnect APs.

Topics

#EAP-TLS#FlexConnect local auth#certificate requirements#seamless roaming

Community Discussion

No community discussion yet for this question.

Full 300-430 Practice