Category Archives: 300-430 Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI)

300-430 Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI) Question and Answers

What must be configured on the Global Configuration page of the WLC for an access point to use 802.1x to authenticate to the wired infrastructure?

A. local access point credentials B. RADIUS shared secret C. TACACS server IP address D. supplicant credentials Answer: Option B. Explanation:  No answer description available for this question. Show AnswerDiscussion The post What must be configured on the Global Configuration page of the WLC for an access point to use 802.1x to authenticate to the wired infrastructure? appeared… Read More »

An engineer must implement a CPU ACL that blocks web management traffic to the controller, but they also must allow guests to reach a Web Authentication Redirect page. To which IP address is guest client HTTPS traffic allowed for this to work?

A. DNS server IP B. controller management IP C. virtual interface IP D. client interface IP Answer: Option C. Explanation:  No answer description available for this question. Show AnswerDiscussion The post An engineer must implement a CPU ACL that blocks web management traffic to the controller, but they also must allow guests to reach a Web Authentication Redirect… Read More »

An engineer needs to configure an autonomous AP for 802.1x authentication. To achieve the highest security an authentication server is used for user authentication. During testing, the AP fails to pass the user authentication request to the authentication server. Which two details need to be configured on the AP to allow communication between the server and the AP? (Choose two.)

A. username and password B. PAC encryption key C. RADIUS IP address D. shared secret E. group name Answer: Option C, D. Explanation:  No answer description available for this question. Show AnswerDiscussion The post An engineer needs to configure an autonomous AP for 802.1x authentication. To achieve the highest security an authentication server is used for user authentication.… Read More »

A customer wants the APs in the CEO’s office to have different usernames and passwords for administrative support than the other APs deployed throughout the facility. Which feature must be enabled on the WLC and APs to achieve this goal?

A. local management users B. HTTPS access C. 802.1X supplicant credentials D. override global credentials Answer: Option C. Explanation:  No answer description available for this question. Show AnswerDiscussion The post A customer wants the APs in the CEO’s office to have different usernames and passwords for administrative support than the other APs deployed throughout the facility. Which feature… Read More »

An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary TACACS+ server fails, the WLC starts using the secondary server as expected, but the WLC does not use the primary server again until the secondary server fails or the controller is rebooted.Which cause of this issue is true?

A. Fallback is enabled B. Fallback is disabled C. DNS query is disabled D. DNS query is enabled Answer: Option B. Explanation:  No answer description available for this question. Show AnswerDiscussion The post An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary TACACS+ server fails, the WLC starts using… Read More »

The network management team in a large shopping center has detected numerous rogue APs from local coffee shops that are broadcasting SSIDs. All of these SSIDs have names starting with ATC (for example, ATC302, ATC011, and ATC566). A wireless network engineer must appropriately classify these SSIDs using the Rogue Rules feature. Drag and drop the options from the left onto the categories in which they must be used on the right. Not all options are used.

The network management team in a large shopping center has detected numerous rogue APs from local coffee shops that are broadcasting SSIDs. All of these SSIDs have names starting with ATC (for example, ATC302, ATC011, and ATC566). A wireless network engineer must appropriately classify these SSIDs using the Rogue Rules feature. Drag and drop the options from the… Read More »

An engineer must configure Cisco OEAPs for three executives. As soon as the NAT address is configured on the management interface, it is noticed that the WLC is not responding for APs that are trying to associate to the internal IP management address. Which command should be used to reconcile this?

A. config flexconnect office-extend nat-ip-only disable B. config network ap-discovery nap-ip-only enable C. config flexconnect office-extend nat-ip-only enable D. config network ap-discovery nat-ip-only disable Answer: Option C. Explanation:  No answer description available for this question. Show AnswerDiscussion The post An engineer must configure Cisco OEAPs for three executives. As soon as the NAT address is configured on the… Read More »

An engineer is responsible for a wireless network for an enterprise. The enterprise has distributed offices around the globe, and all APs are configured in FlexConnect mode. The network must be configured to support 802.11r and CCKM. What needs to be implemented to accomplish this goal?

A. Enable VLAN-based central switching. B. Enable FlexConnect local authentication. C. Enable FlexConnect local switching. D. Create FlexConnect groups. Answer: Option D. Explanation:  No answer description available for this question. Show AnswerDiscussion The post An engineer is responsible for a wireless network for an enterprise. The enterprise has distributed offices around the globe, and all APs are configured… Read More »

An engineer configures a deployment to support:Cisco CMX licenses for at least 3000 APs 6000 wIPS licenses The Cisco vMSE appliance must be sized for this deployment. Which Cisco vMSE Release 8 option must the engineer deploy?

A. Large vMSE B. Low-End vMSE C. Standard vMSE D. High-End vMSE Answer: Option D. Explanation:  No answer description available for this question. Show AnswerDiscussion The post An engineer configures a deployment to support:<br>Cisco CMX licenses for at least 3000 APs 6000 wIPS licenses The Cisco vMSE appliance must be sized for this deployment. Which Cisco vMSE Release… Read More »

A Cisco CMX 3375 appliance on the 10.6.1 version code counts duplicate client entries, which creates wrong location analytics. The issue is primarily from iOS clients with the private MAC address feature enabled. Enabling this feature requires an upgrade of the Cisco CMX 3375 appliance in a high availability pair to version 10.6.3. SCP transfers the Cisco CMX image, but the upgrade script run fails. Which configuration change resolves this issue?

A. Upgrade the high availability pair to version 10.6.2 image first and then upgrade to version 10.6.3. B. Save configuration and use the upgrade script to upgrade the high availability pair without breaking the high availability. C. Break the high availability using the cmxha config disable command and upgrade the primary and secondary individuality. D. Run root patch… Read More »