Exam HPE6-A73 topic 1 question 17 discussion

If any firewall or network infrastructure device with ACLs are in the path, they must allow GRE and PAPI traffic. Enable GRE on IP protocol 47 and PAPI on UDP 8211

Page 775 Study Guide: This means that a HTTPS certificate has to be installed on the edge switch. [Aruba Networks]

HTTPS uses TCP 443, so it is A and not C

A is correct

Answer A is correct. Student Guide Vol2, page 115: "Roles can be configured locally on the switch using a Local User Role (LUR) or on a ClearPass server, using a downloadable user role (DUR). Roles that are configured locally can be assigned via any RADIUS server, using the Aruba-User-Role VSA. When using DUR, the ClearPass HPE-CPPM-Role VSA is used in combination with HTTPS to transfer the role to the switch."

DUR is a CPPM feature, so assumption is that the AAA is CPPM. AOS switches download their roles from CPPM using HTTPS, you just have to put a CA cert on the switch for the CPPM and reference the FQDN. Definitely A.

Answer is A

pg 681 from the Aruba guide - "When using DUR, the ClearPass HPE-CPPM-Role VSA is used in combination with HTTPS to transfer the role to the switch." UDP 8211 (PAPI) is related to dynamic segmentation and the communication to the MC not DUR.

HTTPS uses TCP 443, so it is A and not C

REST API is used for this, so A HTTPS

C only this port mentioned in study book. v2-169

C is correct (HTTPS is used between switch and CPPM)

The correct Answer is A

Correct it is A

I think the answer Should be A because something wrong with HTTPS maybe the switch failed to download the certificate or there is firewall block TCP443. If UDP 8211 (PAPI) is related for dynamic segmentation instead of DUR