Blog

What is an OSPF transit network?

For the Aruba CX 6400 switch, what does virtual output queueing (VOQ) implement that is different from most typical campus switches?

??? Your manufacturing client is deploying two hundred wireless IP cameras and fifty headless scanners in their warehouse. These new devices do not support 802.1X authentication.

How can HPE Aruba enhance security for these new IP cameras in this environment?

What is the best practice for handling voice traffic with dynamic segmentation on AOS-CX switches?

You are setting up a customer’s 15 headless loT devices that do not support 802.1X. What should you use?

Refer to Exhibit

With Access-1, What needs to be identically configured With MSTP to load-balance VLANS?

You must ensure the HPE Aruba network you are configuring for a client is capable of plug-and-play provisioning of access points. What enables this capability?

you are implementing ClearPass Policy Manager with EAP-TLS for authenticating all corporate-owned devices. What are two possible solutions to the problem of deploying client certificates to corporate MacBooks that are joined to a Windows domain? (Select two.)

A customer is looking for a wireless authentication solution for all of their loT devices that meet the following requirements
– The wireless traffic between the IoT devices and the Access Points must be encrypted
– Unique passphrase per device
– Use fingerprint information to perform role-based access
Which solutions will address the customer’s requirements? (Select two.)

What is one advantage of using OCSP vs CRLs for certificate validation?

A network administrator is attempting to troubleshoot a connectivity issue between a group of users and a particular server The administrator needs to examine the packets over a period of time from their desktop; however, the administrator is not directly connected to the AOS-CX switch involved with the traffic flow.
What statements are correct regarding the ERSPAN session that needs to be established on an AOS-CX switch’? (Select two )

How is Dynamic Multicast Optimization (DMO) implemented in an HPE Aruba wireless network?

A customer has a site with 200 AP-515 access points 75AP-565 access points installed. The customer is rolling out new mobile phones with Wi-Fi-calling. 802.1X is in use for authentication What should be enabled to ensure the best roaming experience?

What is true regarding 802.11k?

With the Aruba CX 6200 24G switch with uplinks or 1/1/25 and 1/1/26, how do you protect client ports from forming layer-2 loops?

With the Aruba CX 6000 24G switch with uplinks of 1/1/25 and what does the switch do when a client port detects a loop and the do-not-disabie parameter is used?

Which statement best describes QoS?

A customer is using Aruba Cloud Guest, but visitors keep complaining that the captive portal page keeps coming up after devices go to sleep Which solution should be enabled to deal with this issue?

Refer to the exhibit

A company has deployed 200 AP-635 access points. To but is not working as expected

What would be the correct action to fix the issue?

Which method is used to onboard a new UXI in an existing environment with 802.1X authentication?

(The sensor has no cellular connection)

A new network design is being considered to minimize client latency in a high-density environment. The design needs to do this by eliminating contention overhead by dedicating subcarriers to clients.
Which technology is the best match for this use case?

Which statements are true regarding a VXLAN implementation on Aruba Switches? (Select two.)

A customer wants to deploy a Gateway and take advantage of all the SD-WAN features. Which persona role option should be selected?

What is a primary benefit of BSS coloring?

What is used to retrieve data stored in a Management Information Base (MIS)?

You are configuring Policy Based Routing (PBR) for a subnet that will be used to test a new default route for your network Traffic originating from 10.2.250.0/24 should use a new default route to 10.1.1.253. Other non-default routes for this subnet should not be affected by this change.
What are two parts of the solution for these requirements? (Select two.)

A)
pbr-action-list def_route_test
default-nexthop 10.1.1.253/24

B)
class ip test_subnet
10 match any 10.2.250.0/24 any
policy def_route_test_policy
10 class ip test_subnet action pbr def_route_test
interface vlan 100
ip address 10.2.250.0/24
apply policy pbr_test routed in

C)
class ip test_subnet
10 match any 10.2.250.0 255.255.255.0 any
policy def_route_test_policy
10 class ip ip_test_subnet action pbr def_route_test
interface vlan 100
ip address 10.2.250.0/24
apply policy pbr_test routed out

D)
pbr-action-list def_route_test
default-nexthop 10.1.1.253
interface null

E)
pbr-action-list def_route_test
nexthop 10.1.1.253
interface null

Your customer is having issues with Wi-Fi 6 clients staying connected to poor-performing APs when a higher throughput APs are closer. Which technology should you implement?

A customer is concerned about me unprotected traffic between an AOS-CX switch and a gateway, running on AOS 10. What is a feasible option to protect this traffic?

With Aruba CX 6300, how do you configure ip address 10.10.10.1 for the interface in default state for interface 1/1/1?

Your customer is having connectivity issues with a newly-deployed Microbranch group The access points in this group are online in Aruba Central, but no VPN tunnels are forming.

What is the most likely cause of this issue?

Which standard supported by some Aruba APs can enable a customer to accurately locate wireless client devices within a few meters?

your customer has asked you to assign a switch management role for a new user The customer requires the user role to View switch configuration information and have access to the PUT and POST methods for REST API.
Which default AOS-CX user role meets these requirements?

You need to have different routing-table requirements with Aruba CX 6300 VSF configuration Assuming the correct layer-2 VLAN already exists how would you create a new OSPF configuration for a separate routing table?

A network engineer recently identified that a wired device connected to a CX Switch is misbehaving on the network To address this issue, a new ClearPass policy has been put in place to prevent this device from connecting to the network again. Which steps need to be implemented to allow ClearPass to perform a CoA and change the access for this wired device?
(Select two.)

Which component is used by the Aruba Network Analytics Engine (NAE)?

How do you allow a new VLAN 100 between VSX pair inter-switch-link 256 for port 1/45 and 2/45?

You are deploying a bonded 40 MHz wide channel What is the difference in the noise floor perceived by a client using this bonded channel as compared to an unbonded 20MHz wide channel?

With the Aruba CX switch configuration, what is the Active Gateway feature that is used for and is unique to VSX configuration?

Refer to the exhibit

With Core-1. what is the default value for config-revision?

Describe the difference between Class of Service (CoS) and Differentiated Services Code Point (DSCP).

A system engineer needs to preconfigure several Aruba CX 6300 switches that will be sent to a
remote office An untrained local field technician will do the rollout of the switches and the mounting
of several AP-515s and AP-575S. Cables running to theAPs are not labeled.
The VLANs are already preconfigured to VLAN 100 (mgmt), VLAN 200 (clients), and VLAN 300 (guests)
What is the correct configuration to ensure that APs will work properly?

A)
port-access lldp-group IAP-Group
seq 10 match sys-desc AP-515
seq 20 match sys-desc AP-575
port-access role IAP-Role
description ARUBA AP
poe-priority high
trust-mode dscp
vlan trunk native 100
vlan trunk allowed 100,200,300
enable
port-access device-profile IAP-Profile
associate role IAP-Role
associate lldp-group IAP-Group

B)
port-access lldp-group IAP-Group
seq 10 match sys-desc 515
seq 20 match sys-desc 575
port-access role IAP-Role
description ARUBA AP
poe-priority high
trust-mode dscp
vlan trunk native 100
vlan trunk allowed 100,200,300
port-access device-profile IAP-Profile
associate role IAP-Role
associate lldp-group IAP-Group
no shutdown

C)
port-access lldp-group IAP-Group
seq 10 match sys-desc 515
seq 20 match sys-desc 575
port-access role IAP-Role
description ARUBA AP
poe-priority high
trust-mode dscp
vlan trunk native 100
vlan trunk allowed 200,300
port-access device-profile IAP-Profile
enable
associate role IAP-Role
associate lldp-group IAP-Group

D)
port-access lldp-group IAP-Group
seq 10 match sys-desc 515
seq 20 match sys-desc 575
port-access role IAP-Role
description ARUBA AP
poe-priority high
trust-mode dscp
vlan trunk native 100
vlan trunk allowed 100,200,300
port-access device-profile IAP-Profile
enable
associate role IAP-Role
associate lldp-group IAP-Group

You are troubleshooting an issue with a pair of Aruba CX 8360 switches configured with VSX Each switch has multiple VRFs. You need to find the IP address of a particular client device with a known MAC address You run the “show arp” command on the primary switch in the pair but do not find a matching entry for the client MAC address. The client device is connected to an Aruba CX 6100 switch by VSX LAG.
Which action can be used to find the IP address successfully?

Which feature supported by SNMPv3 provides an advantage over SNMPv2c?

Your customer currently has Two (2) 5406 modular switches with MSTP configured as their core switches. You are proposing a new solution. What would you explain regarding the Aruba CX VSX switch pair when the Primary VSX node is replaced and the system MAC is replaced?

Due to a shipping error, five (5) Aruba AP-515S and one (1) Aruba CX 6300 were sent directly to your new branch office You have configured a new group persona for the new branch office devices in Central, but you do not know their MAC addresses or serial numbers The office manager is instructed via text message on their smartphone to onboard all the new hardware into Aruba Central
What application must the office manager use on their phone to complete this task?

When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created?

What is enabled by LLDP-MED? (Select two.)

On AOS-10 Gateways, which device persona is only available when configuring a Gateway-only group?

You are deploying Aruba CX 6300’s with the customers requirement to only allow one (1) VoIP phone and one (1) device.
The following local role gets assigned to the phone port-access rote VoIP device-traffic-class voice. What set of commands best fits this requirement?

Your customer has asked you to assign a switch management role for a new user. The customer requires the user role to only have Web Ul access to the System > Log page and only have access to the GET method for REST API for the /logs/event resource
Which default AOS-CX user role meets these requirements?

A company recently deployed new Aruba Access Points at different branch offices Wireless 802.1X authentication will be against a RADIUS server in the cloud. The security team is concerned that the traffic between the AP and the RADIUS server will be exposed.
What is the appropriate solution for this scenario?

You are doing tests in your lab and with the following equipment specifications:
• AP1 has a radio that generates a 20 dBm signal
• AP2 has a radio that generates a 8 dBm signal
• AP1 has an antenna with a gain of 7 dBI.
• AP2 has an antenna with a gain of 12 dBI.
• The antenna cable for AP1 has a 3 dB loss
• The antenna cable forAP2 has a 3 dB loss.
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

You are building a configuration in Central that will be used for a standardized network design for small sites for your company, you want to use GUI configuration for gateways and Aps, while template configuration for switches. You need to align with Aruba best practices. Which set of actions will satisfy these requirements?

A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working to a remote site connected via layer-3

All legacy devices are connected to a dedicated Aruba CX 6200 switch at each site.

What technology on the Aruba CX 6200 could be used to meet this requirement?

A customer just upgraded aggregation layer switches and noticed traffic dropping for 120 seconds after the aggregation layer came online again. What is the best way to avoid having this traffic dropped given the topology below?

Your customer has four (4) Aruba 7200 Series Gateways and two (2) 7000 Series Gateways. The customer wants to form a cluster with these Gateways. What design consideration would prevent you from using all of those Gateways?

Using Aruba best practices what should be enabled for visitor networks where encryption is needed but authentication is not required?

A customer wants to provide wired security as close to the source as possible The wired security must meet the following requirements:

-allow ping from the IT management VLAN to the user VLAN
-deny ping sourcing from the user VLAN to the IT management VLAN

The customer is using Aruba CX 6300s
What is the correct way to implement these requirements?

You are helping an onsite network technician bring up an Aruba 9004 gateway with ZTP for a branch office The technician was to plug in any port for the ZTP process to start Thirty minutes after the gateway was plugged in new users started to complain they were no longer able to get to the internet. One user who reported the issue stated their IP address is 172.16 0.81 However, the branch office network is supposed to be on 10.231.81.0/24.
What should the technician do to alleviate the issue and get the ZTP process started correctly?

How is Multicast Transmission Optimization implemented in an HPE Aruba wireless network?

In AOS 10. which session-based ACL below will only allow ping from any wired station to wireless clients but will not allow ping from wireless clients to wired stations”? The wired host ingress traffic arrives on a trusted port.

What is an Aruba-recommended best practice for hardening that only applies to Aruba CX 6300 series switches with dedicated management ports?

Your customer is interested in hearing more about how roles can help keep consistent policy enforcement in a distributed overlay fabric.

How would you explain this concept to them?

With the Aruba CX switch configuration, what is the first-hop protocol feature that is used for VSX L3 gateway as per Aruba recommendation?

Which statements regarding OSPFv2 route redistribution are true for Aruba OS CX switches?

(Select two.)

With the Aruba CX 6100 48G switch with uplinks of 1/1/47 and 1/1/48.

How do you automate the process of resuming the port operational state once a loop on a client port is cleared?

A customer is using stacked Aruba CX 6200 and CX 6300 switches for access and a VSX pair of Aruba CX 8325 as a collapsed core 802 1X is implemented for authentication. Due to the lack of cabling, some unmanaged switches are still in use Sometimes devices behind these switches cause network outages The switch should send a warning to the Helpdesk when the problem occurs You have been asked to implement an effective solution to the problem-
What is the solution for this?

You need to ensure that voice traffic sent through an ArubaOS-CX switch arrives with minimal latency What is the best scheduling technology to use for this task?

For an Aruba AOS-10 AP in mixed mode, which factors can be used to determine the forwarding role assigned to a client? (Select two.)

A client is connecting to 802.1X SSID that has been configured in tunnel mode with the default AP-group settings. After receiving Access-Accept from the RADIUS server, the Aruba Gateway will send Access-Accept to the AP through which tunnel?

Refer to Exhibit

A company has deployed 200 AP-635 access points. To take advantage of the 6 GHz band, the administrator has attempted to configure a new WPA3-OWE SSID in Central but is not working as expected.
What would be the correct action to fix the issue?

Two AOS-CX switches are configured with VSX at the the Access-Aggregation layer where servers attach to them An SVI interface is configured for VLAN 10 and serves as the default gateway for VLAN10. The ISL link between the switches fails, but the keepalive interface functions. Active gateway has been configured on the VSX switches.

What is correct about access from the servers to the Core? (Select two.)

What steps are part of the Key Management workflow when a wireless device is roaming from AP1 to AP2? (Select two.)

You are configuring an SVI on an Aruba CX switch that needs to have the following characteristics:

• VLANID = 25
• IPv4 address 10 105 43 1 with mask 255 255 255.0
• IPv6 address fd00:5708::f02d:4df6 with a 64 bit prefix length
• member of VRF eng
• VRF eng and VLAN 25 have not yet been created

Which command lists will satisfy the requirements with the least number of commands?

A)

B)

C)

D)

When configuring UBT on a switch what will happen when a gateway role is not specified?

In an ArubaOS 10 architecture using an AP and a gateway, what happens when a client attempts to join the network and the WLAN is configured with OWE?

A network administrator is troubleshooting some issues guest users are having when connecting and authenticating to the network The access switches are AOS-CX switches. What command should the administrator use to examine information on which role the guest user has been assigned?

A company recently upgraded its campus switching infrastructure with Aruba 6300 CX switches. They have implemented 802.1X authentication on edge ports where laptop and loT devices typically connect. An administrator has noticed that for PoE devices the pons are delivering the maximum wattage instead of what the device actually needs Upon connecting the loT devices, the devices request their specific required wattage through information exchange

What does the 802.3bz standard describe?

Refer to the image

Your customer is complaining of weak Wi-Fi coverage in their office. They mention that the office on the other side of the hall has much better signal What is the likely cause of this issue?

With the Aruba CX switch configuration, what is the Active Gateway feature that is used for and is unique to VSX configuration?

A customer wants to enable wired authentication across all their CX switches One of the requirements is that the switch must be able to authenticate a single computer connected through a VoIP phone.
Which feature should be enabled to support this requirement?

You are doing tests in your lab and with the following equipment specifications
• AP1 has a radio that generates a 10 dBm signal
• AP2 has a radio that generates a 11 dBm signal
• AP1 has an antenna with a gain of 9 dBi
• AP2 has an antenna with a gain of 12 dBi.
• The antenna cable for AP1 has a 2 dB loss
• The antenna cable for AP2 has a 3 dB loss
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

Review the exhibit

You are troubleshooting an issue with a 10.102.39.0/24 subnet which is also VLAN 1000 used Tor wireless clients on a pair of Aruba CX 8360 switches The subnet SVI is configured on the 8360 pair, and the DHCP server is a Microsoft Windows Server 2022 Standard with an IP address of 10.200.1.100. The 10.102.250.0/24 subnet is used for switch management. A large number of DHCP requests are failing You are observing sporadic DHCP behavior across clients attached to the CX 6100 switch.
Which action may help fix the issue?

A)
Enter the following commands on the VSX primary switch:

vsx
vsx-sync dhcp-relay
exit

B)
Enter the following commands on the VSX secondary switch:

vlan 1000
ip relay-address 10.200.1.100
exit

C)
Add an SVI in the 10.102.39.0/24 subnet on the Aruba CX 6100 switch that the APs are connected to.

D)
Enter the following commands on the Aruba CX 6100 switch:

interface vlan 1000
ip helper-address 10.200.1.100
exit

Which Aruba AP mode is sending captured RF data to Aruba Central for waterfall plot?

When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created?

The customer needs a network hardware refresh to replace an aging Aruba 5406R core switch pair using spanning tree configuration with Aruba CX 8360-32YC switches What is the benefit of VSX clustering with the new solution?

You are working on a network where the customer has a dedicated router with redundant Internet connections Tor outbound high-importance real-time audio streams from their datacenter All of this traffic.
• originates from a single subnet
• uses a unique range of UDP ports
• is required to be routed to the dedicated router
All other traffic should route normally The SVI for the subnet containing the servers originating the traffic is located on the core routing switch in the datacenter What should be configured?

What are two advantages of splitting a larger OSPF area into a number of smaller areas? (Select two )

Which statements are true about VSX LAG? (Select two.)

A company deployed Dynamic Segmentation with their CX switches and Gateways After performing a security audit on their network, they discovered that the tunnels built between the CX switch and the Aruba Gateway are not encrypted. The company is concerned that bad actors could try to insert spoofed messages on the Gateway to disrupt communications or obtain information about the network.

Which action must the administrator perform to address this situation?

You need to create a keepalive network between two Aruba CX 8325 switches for VSX configuration.

How should you establish the keepalive connection?

You are are doing tests in your lab and with the following equipment specifications:
• AP1 has a radio that generates a 16 dBm signal.
• AP2 has a radio that generates a 13 dBm signal.
• AP1 has an antenna with a gain of 8 dBi.
• AP2 has an antenna with a gain of 12 dBi. The antenna cable for AP1 has a 4 dB loss. The
antenna cable for AP2 has a 3 dB loss.
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

Your Director of Security asks you to assign AOS-CX switch management roles to new employees based on their specific job requirements After the configuration was complete, it was noted that a user assigned with the administrators role did not have the appropriate level of access on the switch.
The user was not limited to viewing nonsensitive configuration information and a level of 1 was not assigned to their role Which default management role should have been assigned for the user?

What is a primary benefit of BSS coloring?

What are the requirements to ensure that WMM is working effectively’? (Select two)

Your Director of Security asks you to assign AOS-CX switch management roles to new employees based on their specific job requirements. After the configuration was complete, it was noted that a user assigned with the auditors role did not have the appropriate level of access on the switch. The user was not allowed to perform firmware upgrades and a privilege level of 15 was not assigned to their role. Which default management role should have been assigned for the user?

Which statements regarding Aruba NAE agents are true? (Select two )

You need to have different routing-table requirements With Aruba CX 6300 VSF configuration. Assuming the correct layer-2 VLAN already exists, how would you create a new SVI for a separate routing table?

A large retail client is looking to generate a rich set of contextual data based on the location information of wireless clients in their stores.

Which standard uses Round Trip Time (RTT) and Fine Time Measurements (FTM) to calculate the distance a client is from an AP?

Which feature allows the device to remain operational when a remote link failure occurs between a Gateway cluster and a RADIUS server that is either in the cloud or a datacenter?

A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working across the campus which is connected via layer-3. The legacy devices are connected to Aruba CX 6300 switches throughout the campus.

Which technology minimizes flooding so the legacy application can work efficiently?

The administrator notices that wired guest users that have exceeded their bandwidth limit are not being disconnected Access Tracker in ClearPass indicates a disconnect CoA message is being sent to the AOS-CX switch.
An administrator has performed the following configuration:

What is the most likely cause of this issue?

You need to drop excessive broadcast traffic on an ingress port or an ArubaOS-CX switch. What is the best feature to use for this task?

Your manufacturing client is having installers deploy seventy headless scanners and fifty IP cameras in their warehouse These new devices do not support 802 1X authentication. How can HPE Aruba reduce the IT administration overhead associated with this deployment while maintaining a secure environment using MPSK?