HPE6-A84 · Question #25
HPE6-A84 Question #25: Real Exam Question with Answer & Explanation
The correct answer is B. Set up qatewav clusters manually and set VRRP IP addresses for dynamic authorization.. Auto-site clustering is a feature that allows gateways in the same site and group to form a cluster automatically. However, this mode does not support VRRP IP addresses, which are required for dynamic authorization (CoA) from ClearPass Policy Manager (CPPM) to the gateways. Dynam
Question
Exhibit
Options
- AChanqe the WLANs to mixed-mode forwardinq so that vou can select multiple qatewav clusters.
- BSet up qatewav clusters manually and set VRRP IP addresses for dynamic authorization.
- CUse auto-group clustering instead of auto-site clustering for the gateways.
- DEnable default gateway mode for the gateway clusters.
Explanation
Auto-site clustering is a feature that allows gateways in the same site and group to form a cluster automatically. However, this mode does not support VRRP IP addresses, which are required for dynamic authorization (CoA) from ClearPass Policy Manager (CPPM) to the gateways. Dynamic authorization is a mechanism that allows CPPM to change the attributes or status of a client session on the gateways without requiring re-authentication. This is useful for applying policies, roles, or bandwidth limits based on various conditions. Without VRRP IP addresses, CPPM would not be able to send CoA messages to the correct gateway in case of a failover event, resulting in inconsistent or incorrect client behavior. To enable VRRP IP addresses for dynamic authorization, you need to set up gateway clusters manually and assign a VRRP VLAN and a VRRP IP address to each cluster. This way, CPPM can use the VRRP IP address as the NAS IP address for RADIUS communications and CoA messages. The VRRP IP address will remain the same even if the active gateway in the cluster changes due to a failover event, ensuring seamless operations.
Community Discussion
No community discussion yet for this question.