QUESTION 18
Read this scenario thoroughly, and then answer each question that displays on the right side of the screen.
An architect proposes these products for a customer who wants a wireless and wired upgrade:
Aruba 2930M switches at the access layer
Aruba 5406R switches at the core
Aruba AP-325s
Aruba 7205 Mobility Controllers (MCs), deployed in a cluster
Aruba Mobility Master (MM)
Aruba ClearPass Cx000V
Aruba AirWave
The architect also needs to propose a security plan for the solution. The customer has 900 employees and up to 30 guests a day. The customer wants to protect the internal perimeter of the network with authentication and simple access controls. The customer is most concerned about wireless security, but also wants to ensure that only trusted users connect on the wire. However, the customer also wants all wired traffic to be forwarded locally on access layer switches. The customer already has a third-party firewall that protects the data center.
The customer wants to use certificates to authenticate user devices, but is concerned about the complexity of deploying the solution. The architect should recommend a way to simplify. For the most part, users connect company-issued laptops to the network. However, users can bring their own devices and connect them to the network. The customer does not know how many devices each user will connect, but expects about two or three per user. DHCP logs indicate that the network supports a maximum of 2800 devices.
Refer to the provided scenario. Based on the plan for wired authentication, what is a correct plan for wired user VLANs?
A: use the MCs to assign wired users to their VLANs, and extend the VLANs to a Layer 3 switch connected to the MC
B: specify the VLANs in network policies on AirWave, and ensure that both the switches and MCs are managed by AirWave
C: assign wired users to different VLANs from wireless users, based on port or role assignments on access layer switches. Extend the VLANs to the core.
D: configure the same roles on switches and MCs to place wired and wireless users in the same VLANs. Extend VLANs from access layer switches to the core.
C
Explanation:
This answer is correct because it meets the customer’s requirements for wired authentication and traffic forwarding. By assigning wired users to different VLANs from wireless users, the architect can ensure that the wired traffic is not tunneled to the MCs, but forwarded locally on the access layer switches. This reduces the load on the MCs and the network bandwidth. By using port or role assignments on the access layer switches, the architect can also implement 802.1X authentication without tunneled node, which enables user access control and dynamic VLAN assignment based on user identity and device type. By extending the VLANs to the core, the architect can ensure that the wired users can reach the data center and other network resources through the Layer 3 switch connected to the firewall.
References:
Aruba 2930M Switch Series – Data sheet
Aruba ClearPass Policy Manager – Data sheet
ArubaOS-Switch Wired Access with ClearPass – Configuration guide
QUESTION 23
An architect plans 128 APs to support 12,800 devices in a very high density (VHD) design. The customer requires high availability, so the architect plans to recommend a pair of controllers. What is one reason to recommend 7210 controllers rather than 7205 controllers for this deployment?
The Aruba 7210 Mobility Controller is designed to support up to 512 APs and 16,384 simultaneous users. In contrast, the 7205 Mobility Controller supports up to 256 APs and 8,192 simultaneous users. Therefore, for a very high density (VHD) design with 128 APs supporting 12,800 devices, the 7210 controllers would be a better fit due to their higher capacity for APs and simultaneous users.
References:
Designing Aruba Solutions, Rev. 20.11, Module 4: Aruba Mobility Controller Design, page 4-16
7200 Series Controller Data Sheet, page 1
QUESTION 28
Refer to the exhibit.
An architect needs to plan a network solution for a new office building with four floors. Each floor has two wiring closets with the equipment shown in the exhibit. The switches will connect to employee desktops, a few campus APs controlled by MCs, and printers. The switches do not implement tunneled node.
What is a best practice design for the VLANs and subnets for the wired devices?
The traditional guideline limits a wired VLAN to a /24 subnet, which provides enough IP addresses for 253 endpoints. You might have suggested one of three approaches: one VLAN per floor, one VLAN per building, or one VLAN per campus. The one VLAN per floor approach is not recommended because it interferes with roaming and adds complexity. If you did take this approach, the /24 subnets are not large enough for the requirements on every floor. You would need to ask for /23 subnets. The one VLAN per building approach would work if you considered each building its own RF domain. It provides roaming within a building and, if you are using a single cluster at the data center, between buildings. If you deployed two MCs or clusters, one at each building, though, GRE tunneling would be required to support roaming between buildings.
QUESTION 32
An architect plans to propose an Aruba wireless solution with several Mobility Controllers (MCs) and a Mobility Master (MM) architecture. Wireless users run Skype for Business, a Unified Communications (UC) solution. The architect plans to use the Aruba SDN capabilities to integrate with the UC solution.
What helps to support high availability specifically for the SDN services?
The Aruba SDN Controller is a software component that runs on the Mobility Master (MM) and provides centralized control and management of the network devices and applications that support the SDN services. The SDN Controller communicates with the network devices through the southbound interface (SBI) and exposes the northbound API (NBAPI) for the SDN applications to access the network resources and services [1].
One of the SDN applications that can integrate with the Aruba SDN Controller is the Aruba UC and Collaboration Solution, which optimizes the performance and quality of Skype for Business traffic over the wireless network. The Aruba UC and Collaboration Solution consists of three components: the Aruba UC and Collaboration SDN Application, the Aruba UC and Collaboration Dashboard, and the Aruba UC and Collaboration Agent [2].
The Aruba UC and Collaboration SDN Application is a software module that runs on the Skype for Business Front End Server and communicates with the Aruba SDN Controller through the NBAPI. The Aruba UC and Collaboration SDN Application monitors the Skype for Business sessions and events, and sends the relevant information to the Aruba SDN Controller, such as the user identity, device type, session type, codec, bandwidth, and quality of service (QoS) requirements [2].
The Aruba UC and Collaboration Dashboard is a web-based graphical user interface that provides visibility and analytics of the Skype for Business sessions and events over the wireless network. The Aruba UC and Collaboration Dashboard connects to the Aruba SDN Controller through the NBAPI and displays the information collected by the Aruba UC and Collaboration SDN Application, such as the number of active sessions, session types, session quality, bandwidth consumption, and device distribution [2].
The Aruba UC and Collaboration Agent is a software module that runs on the Mobility Controller (MC) and communicates with the Aruba SDN Controller through the SBI. The Aruba UC and Collaboration Agent receives the information from the Aruba UC and Collaboration SDN Application through the Aruba SDN Controller, and applies the appropriate QoS policies and actions on the wireless network, such as prioritizing the Skype for Business traffic, marking the DSCP values, reserving the bandwidth, and adjusting the airtime [2].
To support high availability for the SDN services, the Aruba SDN Controller must be deployed in a redundant configuration, with a primary MM and a backup MM. The primary MM runs the active instance of the Aruba SDN Controller, while the backup MM runs the standby instance of the Aruba SDN Controller. The backup MM synchronizes the configuration and state information from the primary MM, and takes over the SDN Controller role in case of a failure or switchover of the primary MM [1].
The other options do not provide high availability specifically for the SDN services, although they may provide redundancy for other aspects of the wireless network. A redundant master MC does not run the Aruba SDN Controller, and only provides backup for the master MC role, which is responsible for managing the configuration and licensing of the MCs in the network [3]. Backup controllers defined on the APs do not run the Aruba SDN Controller, and only provide backup for the local MC role, which is responsible for terminating and managing the APs in the network [4]. A cluster deployment for MCs does not run the Aruba SDN Controller, and only provides load balancing and fast failover for the APs in the network [5].
References:
1: ArubaOS 8.7 User Guide – Aruba, Chapter 42: SDN Controller, pages 1049-1050.
2: Aruba UC and Collaboration Solution Guide – Aruba, Chapter 2: Aruba UC and Collaboration Solution Overview, pages 11-15.
3: ArubaOS 8.7 User Guide – Aruba, Chapter 2: ArubaOS Architecture, pages 25-26.
4: ArubaOS 8.7 User Guide – Aruba, Chapter 3: Configuring Controller Redundancy, pages 39-40.
5: ArubaOS 8.7 User Guide – Aruba, Chapter 4: Configuring Controller Clustering, pages 51-52.