HP Aruba Certified Campus Access Professional Exam HPE7-A01 Question # 33 Topic 4 Discussion
HPE7-A01 Exam Topic 4 Question 33 Discussion:
Question #: 33
Topic #: 4
Your customer is interested in hearing more about how roles can help keep consistent policy enforcement in a distributed overlay fabric How would you explain this concept to them''
A.
Group Based Policy ID is applied on egress VTEP after device authentication and policy is enforced on ingress VTEP
B.
Role-based policies are tied to IP addresses which have an advantage over IP-based policies and role names are sent between VTEPs
C.
Group Based Policy ID is applied on ingress VTEP after device authentication and policy is enforced on egress VTEP
D.
Role-based policies enhance User Based Tunneling across the campus network and the policy traffic is protected with iPsec
This is the correct explanation of how roles can help keep consistent policy enforcement in a distributed overlay fabric. Roles are used to assign group based policy IDs (GBPs) to devices after they authenticate with ClearPass or a local database. GBPs are then used to tag the traffic from the devices and send them to the ingress VTEP, which applies the GBP on the VXLAN header. The egress VTEP then enforces the policy based on the GBP and the destination device. The other options are incorrect because they either do not describe the correct sequence of events or do not use the correct terms. References: https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch03.html https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch05.html
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit