HP Exam HPE6-A84 Topic 1 Question 39 Discussion

Actual exam question for HP's HPE6-A84 exam

Question #: 39
Topic #: 1

A company has an Aruba ClearPass server at 10.47.47.8, FQDN radius.acnsxtest.local. This exhibit shows ClearPass Policy Manager's (CPPM's) settings for an Aruba Mobility Controller (MC).

The MC is already configured with RADIUS authentication settings for CPPM, and RADIUS requests between the MC and CPPM are working. A network admin enters and commits this command to enable dynamic authorization on the MC:

aaa rfc-3576-server 10.47.47.8

But when CPPM sends CoA requests to the MC, they are not working. This exhibit shows the RFC 3576 server statistics on the MC:

How could you fix this issue?

AChange the UDP port in the MCs' RFC 3576 server config to 3799.

BEnable RadSec on the MCs' RFC 3676 server config.

CConfigure the MC to obtain the time from a valid NTP server.

DMake sure that CPPM is using an ArubaOS Wireless RADIUS CoA enforcement profile.

Show Suggested Answer

Suggested Answer: D

This is because this URI specifies the exact attribute that contains the number of access rejects from the RADIUS server, which is the information that the NAE script needs to monitor and trigger an alert.

A) /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatistics. This is not the correct URI because it returns the entire authstatistics object, which contains more information than the access rejects, such as access accepts, challenges, timeouts, etc. This might make the NAE script more complex and inefficient to parse and process the data.

B) /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatistics?attributes=access_rejects. This is not a valid URI because it has two question marks, which is a syntax error. The question mark is used to indicate the start of the query string, which can have one or more parameters separated by ampersands. The correct way to specify multiple attributes is to use a comma-separated list after the question mark, such as ?attributes=attr1,attr2,attr3.

C) /rest/v1/system/vrfs/mgmt/radius/_servers/cp.acnsxtest.local/2083/tcp. This is not a valid URI because it has an extra underscore before servers, which is a typo. The correct resource name is servers, not _servers. Moreover, this URI does not specify any attributes, which means it will return the default attributes of the RADIUS server object, such as name, port, protocol, etc., but not the authstatistics or access_rejects.

7of30

by An at Mar 04, 2025, 12:49 PM

Limited Time Offer

25%

Off

Get Premium HPE6-A84 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

1 months ago

This is a classic case of a 'did you try turning it off and on again?' issue. Sometimes the simplest solutions are the best. I would start with option A and change the UDP port in the MC's RFC 3576 server config to 3799. It's worth a shot!

upvoted 0 times

Magdalene

18 days ago

After changing the UDP port, we should test it out to see if the CoA requests are working properly.

upvoted 0 times

...

Emile

22 days ago

I think option A is a good starting point. Let's try that first.

upvoted 0 times

...

Curtis

26 days ago

I agree, sometimes the simplest solutions work best. Changing the UDP port to 3799 might just do the trick.

upvoted 0 times

...

2 months ago

The issue seems to be with the NTP configuration. The RFC 3576 server statistics show that the NTP server is not reachable, which could be causing the CoA requests to fail. I would try option C and configure the MC to obtain the time from a valid NTP server.

upvoted 0 times