Exam 300-430 topic 1 question 180 discussion

To grant an engineer read/write access to rename access points and add them to the correct AP groups on a wireless controller using Cisco ISE TACACS, the minimum required custom attributes are: role1=WLAN role2=WIRELESS These roles provide the necessary permissions for managing wireless LAN configurations, including renaming access points and assigning them to AP groups. Why These Roles? role1=WLAN: Grants access to WLAN-related configurations. role2=WIRELESS: Grants access to wireless-specific configurations, including AP management. Why Not the Other Options? A. role1=WLAN: This role alone does not provide sufficient permissions for AP management tasks like renaming and adding to AP groups. B. role1=WLAN role2=SECURITY: The SECURITY role is related to security configurations and is not required for AP management tasks. D. role1=WIRELESS: This role alone does not provide sufficient permissions for WLAN-related configurations.

correct

WLAN + WIRELESS tabs

Renaming APs is in the Wireless Tab, setting APs into AP-Groups is in the WLAN tab, so choice C includes both.

Almost got tripped up on this one. "A" would be correct for this question's requirement. When passing attributes from ISE to the controller, the role command implies the tab the user can access/manage. In this case, the Engineer requires minimum access to manage the AP Groups, which would be on the "WLAN" (AP Groups) tab of the AireOS controller. ISE Config: https://youtu.be/GN8xUhg_5TI?t=59 "To move APs, click the AP group name, choose the APs tab, check the check box to the left of the AP name, or select the AP name check box to select all APs, and click the Add APs." - https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/olh/wlc-olh-81/wlansc.html#84757 Still new to all of this of course, so this is just from what I could find.