Exam 350-401 topic 1 question 983 discussion

I think people choice of and and AE is due to the command sets being related. # aaa server radius dynamic-author # client <radius-server-ip> server-key <shared-key>

A and E , recall there were questions in this 350-401 topic where we were asked what changes must we do for ISE(AAA Server) can assign custom VLAN's to users when they log in , and the right answer there was (first box to check) "enable AAA override" .

A & D are correct

Anwser AD. Réf: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213919-configure-802-1x-authentication-on-catal.pdf

ref: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html Here is the relevant part of the configuration of the WLC that corresponds to this example: aaa new-model ! aaa authorization network CWAauthz group radius aaa accounting identity CWAacct start-stop group radius ! aaa server radius dynamic-author client <ISE-IP> server-key cisco123 ! aaa session-id common ! ! radius server ISE-server address ipv4 <ISE-IP> auth-port 1812 acct-port 1813 key cisco123 ! ! (check the rest in the URL) so: ANS: AD

Configures the Change of Authorization (CoA) on the controller. # aaa server radius dynamic-author Specifies a RADIUS client and the RADIUS key to be shared between a device and a RADIUS client. # client 123.123.134.112 server-key 0 SECRET

C and D are the answers

To configure AAA on a Cisco 9800 WLC for central web authentication, you’ll need the following two commands: Device(config)# aaa server radius dynamic-author: This command enables the RADIUS dynamic authorization feature and enters dynamic authorization local server configuration mode1. (Cisco Controller) > config wlan aaa-override enable <wlan-id>: This command enables AAA override for a specific WLAN, allowing you to apply custom authentication, authorization, and accounting (AAA) settings for that WLAN1. Remember to adjust the <wlan-id> placeholder with the actual WLAN ID you want to configure. These commands will help you set up central web authentication effectively on your Cisco 9800 WLC. 🛡️

Going through elimination I think the answer is AD

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-14/config-guide/b_wl_17_14_cg/m_vewlc_central_web_authentication.html Configuring AAA for Central Web Authentication

A, C is OK https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/central-web-authentication.html

B, C and E does not exist in a 9800 WLC ???????-WLC#configure ? confirm Confirm replacement of running-config with a new config file memory Configure from NV memory network Configure from a TFTP network host overwrite-network Overwrite NV memory from TFTP network host replace Replace the running-config with a new config file revert Parameters for reverting the configuration terminal Configure from the terminal <cr> <cr>

C and E. You will never see A on a wireless controller CLI. That’s a Switch/Router.

A and E (In my Opinion) A - configures the WLC to use RADIUS for dynamic authorization (correct) B - diables AAA override (central web auth, we should want AAA override) C - configures a RADIUS accounting server (logging, not used for authentication) D - appears to be configuring a local RADIUS server on device, rather then setting up central web auth. E - enables AAA override for the WLAN, allowing WLC to use AAA for client authentication/authorization