nerdexam
Exams300-430Questions#338
Cisco

300-430 · Question #338

300-430 Question #338: Real Exam Question with Answer & Explanation

The correct answer is D: Upload the MAC addresses of the third-party APs to Cisco Catalyst Center using a wIPS. In Cisco SD-Access with Fabric-enabled wireless, unknown APs are flagged as rogue by default. To prevent third-party APs used for testing from being classified as high-threat rogue and contained, their MAC addresses must be added as exceptions in Cisco Catalyst Center via the wIP

Monitoring

Question

An engineer is working for an organization that recently deployed Cisco SD-Access-based network with all SSIDs working in Fabric-enabled wireless. A recent project requires third-party APs to be connected to the access switches for some interoperability testing. However, Cisco Catalyst Center (formerly DNA Center) detects these APs as rogue on the wire. Which action must the engineer take to avoid reporting third-party APs as high-threat rogue and containing them?

Options

  • AEnable Management Frame Protection on the SSIDs broadcasted using third-party AP.
  • BReduce the power on the third-party APs and create smaller broadcasting cells.
  • CRemove specific switches from Cisco Catalyst Center management where third-party APs are
  • DUpload the MAC addresses of the third-party APs to Cisco Catalyst Center using a wIPS

Explanation

In Cisco SD-Access with Fabric-enabled wireless, unknown APs are flagged as rogue by default. To prevent third-party APs used for testing from being classified as high-threat rogue and contained, their MAC addresses must be added as exceptions in Cisco Catalyst Center via the wIPS workflow. This whitelists the devices, allowing interoperability testing without triggering containment actions.

Topics

#rogue AP#wIPS#MAC allowlist#SD-Access

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-430 Practice