Exam 300-430 topic 1 question 157 discussion

Shouldnt the correct answer be C? You dont manage the WLC using the virtual interface ip

The answer is A we can configure WLC with virtual interface also. Configure the management interface: interface management ip address <management_ip_address> <subnet_mask> Configure the virtual interface: interface virtual <virtual_interface_number> ip address <virtual_ip_address> <subnet_mask> Enable management on the virtual interface: management-interface virtual <virtual_interface_number>

Permit statements must be added to the top of the ACL in both directions, not just in one direction. This is because the controller needs to communicate with the network and vice versa for management purposes. Simply adding permit statements to the top of the ACL without specifying the network to be managed from and the virtual interface of the controller may not be sufficient to enable management again.

Managment: via management interface with ROUTABLE IP LWA: via virtual interface and this has a NON ROUTABLE IP. Therefore A is wrong....

CCNP Enterprise ENWLSD 300-425 ENWLSI 300-430 Official Cert Guide.pdf Page 454 For AireOS controllers using versions 6.0 and later, CPU ACLs are applicable for traffic originating both to and from the controller. Thus, when you’re creating the ACLs and attaching them to the CPU, the ACL direction fields do not have any relevance. Page 79 As with CAPWAP, the controller’s management interface is used to communicate with AAA servers, as well as a host of other services, including MSE/CMX, directory servers, other controllers, and more. --> we need an ACL without direction, which includes the management interface and the admin network.

It is C

provided answer is incorrect, i tested above deny acl in my simulation virtual wlc lab.

provided answer is correct, i tested above deny acl in my simulation virtual wlc lab.