nerdexam
Cisco

300-430 · Question #346

An engineer implemented AP Authorization with Cisco ISE utilizing AP MAC addresses as local users in Cisco ISE. Everything has been working fine until recently. It has been noticed that APs that reboo

The correct answer is A. Disable the Cisco ISE password policy that disables accounts for unchanged passwords.. When APs are configured as local users in Cisco ISE (using MAC addresses), they rely on fixed credentials that typically never change. If the password policy in ISE enforces account expiration or disables accounts with unchanged passwords, APs will fail authentication after reboo

Device Hardening

Question

An engineer implemented AP Authorization with Cisco ISE utilizing AP MAC addresses as local users in Cisco ISE. Everything has been working fine until recently. It has been noticed that APs that reboot are temporarily disconnected from the network and cannot rejoin the controller. Which action completes the implementation?

Options

  • ADisable the Cisco ISE password policy that disables accounts for unchanged passwords.
  • BRemove APs from the exclusion list, due to authentication failures.
  • CUpgrade Cisco ISE to a newer version due to bugs.
  • DInstall a valid EAP certificate on Cisco ISE for the APs.

How the community answered

(26 responses)
  • A
    58% (15)
  • B
    27% (7)
  • C
    4% (1)
  • D
    12% (3)

Explanation

When APs are configured as local users in Cisco ISE (using MAC addresses), they rely on fixed credentials that typically never change. If the password policy in ISE enforces account expiration or disables accounts with unchanged passwords, APs will fail authentication after reboot until re- enabled. Disabling this password policy ensures AP MAC-based local user accounts remain active and APs can consistently rejoin the controller.

Topics

#AP authorization#Cisco ISE#MAC authentication#ISE password policy

Community Discussion

No community discussion yet for this question.

Full 300-430 Practice