Exam 300-430 topic 1 question 1 discussion

The question stated the AP lost connection therefore all connected users would loose connectivity and have to reauthenticate. If Flexconnect Local Auth has been disabled this behavior would occur. The provided answer is correct.

When FlexConnect Local Authentication is disabled, the AP relies on the WLC for client authentication. If the AP loses connection to the WLC, it cannot authenticate clients, and as a result: The SSID is no longer advertised. Clients are disconnected because the AP cannot perform authentication locally.

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/221229-configure-cwa-with-flexconnect-aps-on-a.html#:~:text=local%20switching%20mode.-,Prerequisites,local%20authentication%20on%20the%20FlexAPs%20is%20not%20supported%20for%20this%20scenario.,-Other%20Documents%20in

Hello, I'm going to take my exam next month and I'm not sure about this question. Would it really be option A?

Answer: A Note: RADIUS Network Admission Control (NAC) is not supported when the FlexConnect AP is in disconnected mode. Thus, if the FlexConnect AP is in standalone mode and loses connection to the WLC, all clients are disconnected, and the SSID is no longer advertised. source: most_ahdy - link: https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html I think it is A

D is wrong because in standalone mode existing clients are not de-authenticated and the SSID remains up and locally switched. NAC enabled WLANs however REQUIRE a connection to the WLC. When the WLC connection is lost NAC enabled SSID must therefore become disabled and users deleted.

I think D is the cause of the issue, as the WLC puts clients on the exclusion list because of multiple consecutive failed authentication attemps to the central authentication server, thus denying the client from the network.

When FlexConnect local switching is enabled, the clients are associated directly with the FlexConnect AP. If the AP loses connection to the WLC, the clients should still be able to communicate with each other on the local network. However, if Client Exclusion is enabled and the AP cannot communicate with the WLC, it will remove all associated clients, and the SSID will no longer be advertised. This behavior can be changed by disabling Client Exclusion on the WLC.

Maybe B.... https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/dam/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html.xml

MAC Filtering is not supported on FlexConnect access points in standalone mode. However, MAC Filtering is supported on FlexConnect access points in connected mode with local switching and central authentication. Also, Open SSID, MAC Filtering, and RADIUS NAC for a locally switched WLAN with FlexConnect access points is a valid configuration where MAC is checked by ISE. https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/flexconnect.html#:~:text=MAC%20Filtering%20is,checked%20by%20ISE.

As per cisco documentation All 802.11 authentication and association processing occurs regardless of which operational mode the AP is in. When in connected mode, the FlexConnect AP forwards all association/authentication information to the WLC. When in standalone mode, the AP cannot notify the WLC of such events, which is why WLANs that make use of central authentication/switching methods are unavailable.

Not D. Disabling local auth cannot dissconnect already authenticated clients and cannot impact on broadcasting SSID