Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HP Exam HPE6-A84 Topic 1 Question 39 Discussion

Actual exam question for HP's HPE6-A84 exam
Question #: 39
Topic #: 1
[All HPE6-A84 Questions]

A company has an Aruba ClearPass server at 10.47.47.8, FQDN radius.acnsxtest.local. This exhibit shows ClearPass Policy Manager's (CPPM's) settings for an Aruba Mobility Controller (MC).

The MC is already configured with RADIUS authentication settings for CPPM, and RADIUS requests between the MC and CPPM are working. A network admin enters and commits this command to enable dynamic authorization on the MC:

aaa rfc-3576-server 10.47.47.8

But when CPPM sends CoA requests to the MC, they are not working. This exhibit shows the RFC 3576 server statistics on the MC:

How could you fix this issue?

Show Suggested Answer Hide Answer
Suggested Answer: D

This is because this URI specifies the exact attribute that contains the number of access rejects from the RADIUS server, which is the information that the NAE script needs to monitor and trigger an alert.

A) /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatistics. This is not the correct URI because it returns the entire authstatistics object, which contains more information than the access rejects, such as access accepts, challenges, timeouts, etc. This might make the NAE script more complex and inefficient to parse and process the data.

B) /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatistics?attributes=access_rejects. This is not a valid URI because it has two question marks, which is a syntax error. The question mark is used to indicate the start of the query string, which can have one or more parameters separated by ampersands. The correct way to specify multiple attributes is to use a comma-separated list after the question mark, such as ?attributes=attr1,attr2,attr3.

C) /rest/v1/system/vrfs/mgmt/radius/_servers/cp.acnsxtest.local/2083/tcp. This is not a valid URI because it has an extra underscore before servers, which is a typo. The correct resource name is servers, not _servers. Moreover, this URI does not specify any attributes, which means it will return the default attributes of the RADIUS server object, such as name, port, protocol, etc., but not the authstatistics or access_rejects.

7of30


by An at Mar 04, 2025, 12:49 PM

Limited Time Offer

25%

Off

Get Premium HPE6-A84 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kanisha
2 days ago
I think the problem is with the RADIUS configuration. The MC is already configured with RADIUS authentication settings for CPPM, but enabling dynamic authorization (RFC 3576) may require some additional setup. I would try option B and enable RadSec on the MC's RFC 3676 server config.
upvoted 0 times
...
Shakira
5 days ago
I'm not sure, but maybe D) Make sure that CPPM is using an ArubaOS Wireless RADIUS CoA enforcement profile could also be a solution.
upvoted 0 times
...
Carolann
7 days ago
I agree with Arthur, changing the UDP port might fix the issue.
upvoted 0 times
...
Ngoc
9 days ago
The issue seems to be with the NTP configuration. The RFC 3576 server statistics show that the NTP server is not reachable, which could be causing the CoA requests to fail. I would try option C and configure the MC to obtain the time from a valid NTP server.
upvoted 0 times
...
Arthur
12 days ago
I think the answer is A) Change the UDP port in the MCs' RFC 3576 server config to 3799.
upvoted 0 times
...

Save Cancel