Exam 300-715 topic 1 question 76 discussion

the redirect to ISE is standard on port 8443 (already a non-standard port) the reason it does that is because ISE is sending the radius packet containing the redirect URL containing the port as per best practices on the port you need to allow access to ISE like permit tcp any host <ISE IP> eq 8443 if you want to change this to a different port you need to allow this communicaiton to ISE using the different port personally I would't really use option A because it opens up too much but it does the trick the other answers are not related to web authentication

ON THE SWITCH, not the controler, acl for the redirect is configured on wlc. but the switch need to change the port

A is correct, you must create an ACL and do a deny for the IP of the Cisco ISE server (used in my environment on a WLC for redirection, also explained in this document: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html

To configure web authentication on a non-standard port, the ip http port <port number> command should be used on the switch. This command specifies the HTTP server port number on the switch, enabling it to listen for HTTP requests on a different port than the default (which is typically port 80). When web authentication uses a non-standard port, this command ensures that traffic is redirected to the correct port.

Corrrect answer is A

B is on the portal config

B. ip http port <port number>

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/command/nm-https-cr-book/nm-https-cr-cl-sh.html#wp2154019954