300-430 · Question #346
An engineer implemented AP Authorization with Cisco ISE utilizing AP MAC addresses as local users in Cisco ISE. Everything has been working fine until recently. It has been noticed that APs that reboo
The correct answer is A. Disable the Cisco ISE password policy that disables accounts for unchanged passwords.. When APs are configured as local users in Cisco ISE (using MAC addresses), they rely on fixed credentials that typically never change. If the password policy in ISE enforces account expiration or disables accounts with unchanged passwords, APs will fail authentication after reboo
Question
An engineer implemented AP Authorization with Cisco ISE utilizing AP MAC addresses as local users in Cisco ISE. Everything has been working fine until recently. It has been noticed that APs that reboot are temporarily disconnected from the network and cannot rejoin the controller. Which action completes the implementation?
Options
- ADisable the Cisco ISE password policy that disables accounts for unchanged passwords.
- BRemove APs from the exclusion list, due to authentication failures.
- CUpgrade Cisco ISE to a newer version due to bugs.
- DInstall a valid EAP certificate on Cisco ISE for the APs.
How the community answered
(26 responses)- A58% (15)
- B27% (7)
- C4% (1)
- D12% (3)
Explanation
When APs are configured as local users in Cisco ISE (using MAC addresses), they rely on fixed credentials that typically never change. If the password policy in ISE enforces account expiration or disables accounts with unchanged passwords, APs will fail authentication after reboot until re- enabled. Disabling this password policy ensures AP MAC-based local user accounts remain active and APs can consistently rejoin the controller.
Topics
Community Discussion
No community discussion yet for this question.