ExamTopics Logo
Mail Us[email protected]
Menu
Hp Discussions
exam questions

Exam HPE6-A84 All Questions

View all questions & answers for the HPE6-A84 exam
Go to Exam

Exam HPE6-A84 topic 1 question 14 discussion

Actual exam question from HP's HPE6-A84
Question #: 14
Topic #: 1
[All HPE6-A84 Questions]

Refer to the scenario.
A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM).
Switches are using local port-access policies.
The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the “eth-internet" role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20.
The plan for the enforcement policy and profiles is shown below:

The gateway cluster has two gateways with these IP addresses:
• Gateway 1
o VLAN 4085 (system IP) = 10.20.4.21
o VLAN 20 (users) = 10.20.20.1
o VLAN 4094 (WAN) = 198.51.100.14
• Gateway 2
o VLAN 4085 (system IP) = 10.20.4.22
o VLAN 20 (users) = 10.20.20.2
o VLAN 4094 (WAN) = 198.51.100.12
• VRRP on VLAN 20 = 10.20.20.254
The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster.
Assume that you are using the “myzone” name for the UBT zone.
Which is a valid minimal configuration for the AOS-CX port-access roles?

  • A. port-access role eth-internet gateway-zone zone myzone gateway-role eth-user
  • B. port-access role internet-only gateway-zone zone myzone gateway-role eth-internet
  • C. port-access role eth-internet gateway-zone zone myzone gateway-role eth-internet vlan access 20
  • D. port-access role internet-only gateway-zone zone myzone gateway-role eth-internet vlan access 20
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by 35bbc64 at Feb. 6, 2025, 8:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
35bbc64
2 weeks, 4 days ago
Selected Answer: B
Nevermind, B is right ofc, GW is handling the VLAN assignment, not the switch :)
upvoted 1 times
...
35bbc64
3 weeks ago
Selected Answer: D
D should be correct as B doesn't assign the VLAN as per the requirement
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago