What is correct regarding rate limiting and egress queue shaping on AOS-CX switches? Rate limiting and egress queue shaping can be used to restrict inbound traffic Limits can be defined only for broadcast and multicast traffic Rate limiting and egress queue shaping can be applied globally Traffic rate limit is configured on queue level.
What is the correct way of associating a VRF instance to either a VLAN or an interface? Switch(config)# interface <interface-ID> Switch(config-if)# vlan access <VLAN-ID> vrf attach <vrf-name> Switch(config)# vlan <VLAN-ID> vrf attach < vrf-name > Switch(config)# vlan <VLAN-ID> Switch(config-vlan-<VLAN-ID># vrf attach < vrf-name > Switch(config)# vlan <VLAN-ID> vrf < vrf-name >.
When an AOS-CX switch uses a temporary copy of the Configuration State database, what kind of analysis does NetEdit perform to ensure that the configuration is correct? Syntax validation Semantic validation Conformance validation Change validation.
What must a network administrator implement in order to run an NAE script on an AOS-CX switch? Deployment Schedule Plan Agent.
What is correct regarding policy-based routing? Policies can only be applied to routed interfaces. Policies can be applied inbound and outbound. Monitoring of policy interfaces occurs every 60 seconds. Policy actions include routing permitting or dropping traffic.
An administrator is supporting a network with the access layer consisting of AOS-CX 6300 and 6400 switches. The administrator needs to quickly deploy Aruba IAPs and security cameras in the network, ensuring that the correct QoS and VLAN settings are dynamically applied to the switch ports. Currently, switches are not configured to do device authentication, and no authentication server exists in the network. Which AOS-CX feature should the administrator use to dynamically assign the policy settings to the correct switch ports? Device profiles Change of authorization Dynamic segmentation Voice VLANs.
Examine the network topology.
The network is configured for OSPF with the following attributes:
✑ Core1 and Core2 and ABRs
✑ Area 1 has 20 networks in the 10.1.0.0/16 range
✑ Area 0 has 10 networks in the 10.0.0.0/16 range
✑ Area 2 has 50 networks in the 10.2.0.0/16 range
✑ The ASBR is importing a static route into Area 1
✑ Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area
Here is the OSPF configuration performed on Core1:
Based on the above information, what is correct?
ISP 1 is not reachable from any area. Core1 has received one type 5 LSA from the ASBR. Area 0 has 81 routes Area 1 has 23 routes.
1-Examine the network topology.
2-Company XYZ has two connections to a service provider (ISP1). Here is the configuration of Router1:
3-Here is the configuration of Router2:
Based on configuration of Router1 and Router2, which BGP metric is being manipulated?
Weight Multiple exit discriminator Local preference AS path length.
An administrator wants to drop traffic from VLAN 6 (10.1.6.0/24) to VLAN 5 (10.1.5.0/24), but allow all other traffic. What is correct configuration to accomplish this? A B C D.
What is correct regarding the configuration of ACLs on AOS-CX switches? Statements with the log keyword are always processed by the switch CPU. Standard ACLs are used to match on routes when performing route distribution. Wildcard masks are used to match on a range of IP addresses. Numbers 100 through 199 and 2000 through 2999 are used when creating extended ACLs.
When comparing PIM-DM and PIM-SM, which multicast components are only found with PIM-SM in multicast routing? (Choose two.) IGMP querier Rendezvous point Bootstrap router Shortest path tree Designated router.
Examine the network exhibit.
A network administrator is implementing OSPF on a VSX pair of aggregation switches: Agg1 and Agg2. VLANs 10 and 20 are connected to layer-2
access switches. Agg-1 and Agg-2 are configured as the default gateway for VLANs 10 and 20, with active gateway enabled.
What is the best practice for configuring OSPF on the aggregation switches and their connection to the Core switch?
Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active gateway for the Layer-3 VLAN. Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active forwarding for the Layer-3 VLAN. Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active gateway for the Layer-3 VLAN. Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active forwarding for the Layer-3 VLAN.
When implementing user-based tunneling on an AOS-CX switch, which component defines the primary and backup Aruba gateways? Transit VLAN Gateway role Server group Zone.
When implementing deficit weighted round robin queuing, what importance does the weight value have? Prioritizing latency-sensitive traffic Queue priority in processing traffic Strict priority queue Percentage of interface bandwidth.
A network administrator is implementing OSPF, where there are two exit points. Each exit point has a stateful, application inspection firewall to implement company policies. What would the best practice be to ensure that one firewall will see both directions of the traffic, preventing asynchronous connections in the
network? Both ASBRs should define External Type 1 routes for the external routes, using a different initial cost value for each ASBR. Both ASBRs should define External Type 1 routes for the external routes, using the same initial cost value for each ASBR. Both ASBRs should define External Type 2 routes for the external routes, using the same initial cost value for each ASBR. Both ASBRs should define External Type 2 routes for the external routes, using a different initial cost value for each ASBR.
What is a concept associated with PIM sparse mode (SM)? Reverts to forwarding when the pruning state times out. Requires periodic joins to maintain the shortest path tree (SPT). Recommended for use when high bandwidth connections exist. Implements a push content to forward traffic from the multicast source.
Which AOS-CX feature is used to prevent head-on-line (HOL) blocking? VSF WFQ VOQ VSX.
Examine the following AOS-CX switch configuration:
Which access control entries would allow web traffic to the web servers 10.1.0.100 and 10.1.1.100? permit tcp servers eq 80 permit tcp any 10.1.0.100 0.0.1.0 eq 80 permit tcp any 10.1.0.100/10.1.1.100 eq 80 permit tcp any 10.1.0.100/255.255.254.255 eq 80.
Which AOS-CX switches support weighted fair queuing (WFQ)? Both 8320 and 8325 Both 6300 and 6400 8400 only 6300 only.
An administrator of a large campus network needs a solution that will provide root cause analytics to quickly identify problems so that they can quickly be fixed. Which AOS-CX switch feature should the administrator utilize to help with root cause analytics? NAE VoQ NetEdit VSX.
What is a best practice concerning voice traffic and dynamic segmentation on AOS-CX switches? Controller authentication and user-based tunneling of the voice traffic Switch authentication and user-based tunneling of the voice traffic Controller authentication and port-based tunneling of the voice traffic Switch authentication and local forwarding of the voice traffic.
What is required when implementing captive portal an AOS-CX switches? Certificate installed on the switch Web server running on the switch Device fingerprinting AAA server.
The AOS-CX mobile app allows a network engineer or technician to perform which tasks? (Choose two.) Use NetEdit to manage switch configuration. Create a stack of AOS-CX switches. Transfer files between the switch and your mobile device. Securely access the switch using SSH. Schedule an operating system upgrade.
An administrator implements interim accounting for guest users so that ClearPass can track the amount of bandwidth that guests upload and download. Guests that abuse bandwidth consumption should be disconnected from the network. The administrator configures the following on the AOS-CX access switches:
After performing this configuration, the administrator notices that guest users that have exceeded the guest bandwidth limit are not being
disconnected. Upon further investigation, Access Tracker in ClearPass indicates a disconnect CoA message is being sent to the AOS-CX switch.
What is causing this issue? RADIUS change of authorization is not enabled on the AOS-CX switch. Bandwidth consumption of the guests is not being reported by the AOS-CX switch. NTP is not configured on the AOS-CX switch. There is a time discrepancy between the AOS-CX switch and ClearPass.
A company is implementing AOS-CX switches at the access layer. The company wants to implement access control for employees and guests. Which security features will require a ClearPass server to be installed and used by the company? Downloadable user roles Dynamic segmentation User-based tunneling (UBT) Change of authorization (CoA).
An administrator will be implementing tunneling between AOS-CX switches and Aruba gateways. Which list of protocols must minimally be allowed by an intermediate firewall between two sets of devices? IP protocol 50 and UDP 8209 UDP 4500 and IP protocol 47 UDP 8211 and IP protocol 47 UDP 4500 and UDP 8209.
In AOS-CX switching, what determines when a frame is forwarded by the switch between the ingress and the egress port? Egress port Ingress port VSX switch tables Fabric Load Balancer.
Which protocol should be configured to allow NetEdit to discover third-party devices? SNMP SSH HTTPS HTTP.
Examine the VSX-related configuration of the core layer AOS-CX switch:
A network administrator is troubleshooting a connectivity issue involving the VSX LAG (link aggregation) between the core and access layer switch, during HW replacement of one of the core switches. Which configuration should the administrator add to the core switch to fix this issue? ICX-Tx-Core1(config)# vsx ICX-Tx-Core1(config-vsx)# system-mac 02:01:00:00:01:00 ICX-Tx-Core1(config)# interface lag 1 multi-chassis ICX-Tx-Core1(config-if-lag-if)# mtu 9198 ICX-Tx-Core1(config)# interface 1/1/46-1/1/47 ICX-Tx-Core1(config-if-vlan)# active-gateway ip 10.1.11.1 mac 02:02:00:00:01:00 ICX-Tx-Core1(config)# interface 1/1/45 ICX-Tx-Core1(config-if-vlan)# active-gateway ip 192.168.0.0 mac 02:02:00:00:01:00.
The company has just upgraded their access layer switches with AOS-CX switches and implemented an AAA solution with ClearPass. The company has become concerned about what actually connects to the user ports on the access layer switch, Therefore, the company is implementing 802.1X authentication on the AOSCX switches. An administrator has globally enabled 802.1X, and has enabled it on all the access ports connected to user devices, including VoIP phones, security cameras, and wireless Aruba IAPs. Wireless users are complaining that they successfully authenticate to the IAPs; however, they do not have access to network resources. Previously, this worked before 802.1X was implemented on the AOS-CX switches.
What should the company do to solve this problem? Implement device-based mode on the IAP-connected AOS-CX switch ports. Implement local user roles and local forwarding on the AOS-CX switches. Implement downloadable user roles and user-based tunneling (UBT) on the AOS-CX switches. Implement AAA RADIUS change of authorization on the AOS-CX switches.
How does an administrator install a script and create an agent and actions for the Network Analysis Engine running on AOS-CX switches? Access the switches' command-line interface. Access the switches' web user interface Use Aruba Central's web user interface Use the NetEdit web user interface.
When cutting and pasting configurations into NetEdit, which character is used to enter commands within the context of the previous command? Space Tab €ג€<ג <ESC>.
A company has recently purchased a ClearPass AAA solution. Their network consists of AOS-CX switches at the access layer. The company is implementing a rollout of IoT devices for smart building management to control the lighting and HVAC systems. The network administrator is concerned about allowing secure access to these devices since they only support MAC-Auth.
Which ClearPass feature should the administrator leverage to help determine that MAC address spoofing is not occurring for this group of devices? User-based tunneling Device fingerprinting RADIUS change of authorization Downloadable user roles.
A network administrator sets up two aggregation layer AOS-CX switches in a VSX pair. The switches have layer-2 VSX LAGS to access layer switches. The VSX pair has IGMP configured on the layer-3 VLAN interfaces serving the access layer switches.
What is correct regarding how the VSX pair will interact with multicast traffic and messages? IGMP snooping must be disabled on the ISL interface to ensure correct multicast traffic forwarding. Forwarding and pruning of multicast traffic is based on a shared IGMP group database. Join and leave messages are always forwarded across the ISL link between the VSX aggregate switches. If one of the VSX switches reboots, the IGMP group database is automatically synchronized between the two switches.
Examine the network exhibit.
Examine Route r4's partial OSPF configuration:
router ospt 1
area 0
exit
interface vlan 100
ip ospf area 0
exit
interface vlan 40
ip ospf area 0
exit
interface 1/1/1
vlan access 100
mtu 9000
ip ospf heilo-interval 1
ip ospf dead-interval 4
ip ospf authentication simple-text
ip ospf authentication-key key 123
When executing the "show ip ospf neighbors" command, Router 4 is in a FULL state with Router 3 and Router 2, but a 2-WAY state with Routed.
What is causing the 2-WAY state with Router 1? The timers on interface 1/1/1 is mismatched with Router 1's VLAN 100 interface Router 4 and Router 1 are acting as a DROTHER Router 1 and Router 3 have a mismatched authentication key The MTU size on interface 1/1/1 is mismatched with Router 1's VLAN 100 interface.
What would prevent two OSPF routers from forming an adjacency? (Choose two.) Different priorities Different MTU sizes Different area types Different router IDs Different IP addresses.
A network administrator is tasked to set up BGP in the company's network. The administrator is defining an eBGP peering between an AOS-CX switch and a directly-connected service provider. The administrator has configured the following on the AOS-CX switch:
However, when using the "show bgp all summary" command, the state does not display "Established" for the eBGP peer. What must the
administrator configure to fix this issue? router bgp 64500 neighbor 192.168.1.1 ebgp-multihop router bgp 64500 enable router bgp 64500 address-family ipv4 unicast neighbor 192.168.1.1 activate router bgp 64500 neighbor 192.168.1.1 update-source loopback0.
A company has an existing wireless solution involving Aruba APs and Aruba gateway. The solution leverages a third-party AAA solution. The company is replacing existing access switches with AOS-CX 6300 and 6400 switches. The company wants to leverage the same security and firewall policies for both wired and wireless traffic.
Which solution should the company implement? IPSec User-based tunneling RADIUS dynamic authorization Downloadable user roles.
MAC authentication is enabled on port 1/1/27 of an AOS-CX switch. The following MAC addresses are defined on the AAA server:
* 88:3a:30:97:b6:00
* 00:50:56:b1:fc:9b
Examine the AOS-CX switch output:
Based on this information, what is true concerning port 1/1/27? Device-mode is enabled with a client limit of 1. Device-mode is enabled with a client limit of 2. Client-mode is enabled with a client limit of 1. Client-mode is enabled with a client limit of 2.
What is the purpose of the transit VLAN when implementing dynamic segmentation policies involving AOS-CX switches and an Aruba gateway solution? It identifies the VLAN that the switch will use when tunneling the traffic to the gateway. It identifies the VLAN that the user traffic will be assigned to, whether the traffic is tunneled or locally switched. It defines the VXLAN identifier to identified UBT traffic between the AOS-CX switches and the gateway solution. It identifies the VLAN that the user traffic will be assigned to when it comes out of the tunnel and is forwarded by the gateway.
What is true regarding VSX and keepalives on AOS-CX switches? A separate VLAN on the ISL link is used. A VSX LAG for the keepalives is a best practice. The OOBM port must be used. A 1GbE or faster port is used.
An administrator is designing an access layer solution in a data center. A key requirement is to dual-home mission-critical server connections to two different switches, ensuring that the servers always have network access, even during switch software upgrades. This feature should support strictly-controlled provisioning.
What would best meet the administrator's needs when deploying AOS-CX switches? VSF Dynamic segmentation VSX NAE.
A customer has twenty AOS-CX switches that will be managed by NetEdit and would like support for NetEdit. These switches will exist in the network for at least five years.
Which type of licensing should be used by this customer? 1 Aruba NetEdit SMB License 20 Aruba NetEdit permanent licenses 25 Aruba NetEdit permanent licenses 20 Aruba NetEdit single node subscription licenses.
A company has a third-party AAA server solution. The campus access layer was just upgraded to AOS-CX switches that perform access control with MAC-Auth and 802.1X. The company has an Aruba gateway solution for wireless, and they want to leverage the firewall policies on the controllers for the wired traffic.
What is correct about how the company should implement a security solution where the wired traffic is processed by the gateways? Implement standards-based RADIUS VSAs to pass policy information directly to the AOS-CX switches and gateways. Implement downloadable user roles with a gateway role defined on the AOS-CX switches. Implement downloadable user roles with a device role defined on the AOS-CX switches and gateways. Implement local user roles with a gateway role defined on the AOS-CX switches.
An administrator wants to implement a virtual switching technology that implements
a single control-plane solution. Wich S-CX switches would meet thesse criteria? All AOS-CX switching platforms AOS-CX 6300 and 6400 switches AOS-CX 6300, 6400 and 83XX switches AOS-CX 6300 Switches.
A switch will apply a device profile to a port based on wich pieces of information?
(Select two) IP header MAC Address LLDP User role 802.1Q.
An administrator is managing a VSX pair of AOS-CX switches. An administrator
configuresthe following on the primary AOS-CX switch:
Switch(config)# vlan 100
Switch(config-vlan-100)# vsx-sync The primary switch will erase VLAN 200 from the VSX pair The VLAN is only created on the secondary switch The operation is not allowed by the switch and CLI error is displayed The VLAN is created on both the primary and secondary switches.
A network administrator is implementing BGP for a larger network.
The network has a over 20 exit points across 15 different BGP routers.
The administrator does not want to implement a fully-meshed iBGP peering between
all BGP routers.
Wich feature should the administrator implement to reduce the number of peers the
administrator needs to define? Next-hop-self BFD Peer-Groups Route reflectors.
An administrator wants to use an existing Aruba Gateway's firewall policies
to filter both wireless and wired traffic.
With AOS-CX switch feature should a customer implement to ensure the gateway applies
the same or similar firewall policies to users wired and wireless traffic? GRE tunneling User-based tunneling Port-based tunneling IPSec tunneling.
A company has a few servers in a secure, remote location storing highly-confidential
documents connected to teo AOS-CX 6400 switches configured in a VSX pair. the AOS-CX
switches perform access control 802.1X and will be implementing user based-tunneling
(UBT) so that Aruba gateway application inspection and statefull firewall policies can
be applied to the traffic. The gateways are running version 84 and implement the AP,
PEF, and RFP licenses.
Wich licensing is needed for the two AOS-CX switches? 2 AP and 2 PEF licenses only 1 AP license only 2 AP, 2 PEF, and 2 RFP licenses only 1 AP, 1 PEF, and 1 RFP licenses only.
An administrator is implementing a multi-area OSPF network. The network contains
a backboone (area 0) and two other areas (1 and 2) connected to ABRs in the backbone.
The network has one routing switch connected to a service provider located in area 2. Wich
network design would minimize the number of routes in the switches link state databases
(LSDBs) while still allowing full connectivity? Area 0: Normal
Area 1: Totally stubby
Area 2: totally sutbby Area 0: normal
Area 1: totally not-so-stubby
Area 2: totally stubby Area 0 : normal
Area 1: Totally stubby
Area 2: Totally not-so-stubby Area 0: Not-so-stubby
Area 1: Totally not-so-stubby
Area 2: Totally not-so-stubby.
An administrator will be deploying NetEdit to manage an Aruba solution. What does
NetEdit support? Manages AOS-CX switches and Aruba gateways Support for Aruba-supplied security updates Tracks configuration and hardware information Can be purchased as VM and/or hardware appliance.
An administrator wants to leverage the Network Analisys Engine (NAE) feature on AOS-CX
switches to perform root cause analysis and to assist in quickly identifying problems.
Wich two AOS-CX databases does the administrator have access to
when implementing scripts? (Select two) time-series APIO VSX Configuration Audit.
Examine the AOS-CX configuration:
interface mgmt
no shutdown
ip static 10.1.1.1/24
default-gateway 10.1.1.254
exit
ssh server vrf mgmt
https-server vrf mgmt
https-server rest access-mode read-write
The switches have a default factory password setting NetEdit fails to accessthe configuration
of the AOS-CX switches.
What should the administrator do to solve this problem? Set a password for the default admin user account Disable telnet globally Use the default VRF instead of the mgmt VRF Enable IP routing globally.
A network engineer is setting up BGP on AOS-CX switches. The engineer is establishing two
different eBGP peering's to two different service providerss. The engineer has dozens of contiguos
C-class public network that need to be advertised to the providers. The engineer manually defines the networks to be
advertised individually with the "network" comand. How can an administrator advertise only a
summarized route to the two service providers? Create a summarized static route and redistribute this into OSPF summarize the networks with the "aggregate-address" BGP command enable auto-summarization in the IPV4 address family of the BGP configuration Create a summarized route in OSPF.
|
