CCIE Wireless (v3.1)

Question No: 61 – (Topic 1)

Which event happens when a wireless client connects to a Cisco 5760 Converged Access Controller with a WLAN that has AAA override enabled, and an invalid VLAN (not configured on the Cisco 5760) is returned as part of the RADIUS accept message by the Cisco ISE server?

  1. The client is marked as associated and in the DHCP required state.

  2. The client is marked as authenticated but does not get an IP address.

  3. The client is put in exclusion list by the WLC.

  4. The client is put in the RUN state and is mapped to the wireless management VLAN.

Answer: B

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html#wp1043599

Question No: 62 – (Topic 1)

Which statement about the integration of ISE with Cisco Prime Infrastructure version 2.2 is true?

  1. Cisco Prime Infrastructure can display ISE profiling attributes for authenticated and unauthenticated clients.

  2. Cisco Prime Infrastructure can collect client authentication details from up to three configured ISE servers.

  3. ISE can be added to Cisco Prime Infrastructure only using the user credentials of an admin user configured locally on ISE.

  4. When two instances of ISE are added to Cisco Prime Infrastructure, one must be working in secondary mode.

Answer: D

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug.pdf

Question No: 63 – (Topic 1)

Refer to the exhibit. A network administrator is installing a new converged access Cisco WLC. The uplink connection is to be a Gigabit port channel. Which characteristic is true?

  1. The port channel mode is set to active and sends PDUs at 30 sec intervals.

  2. The port channel mode is set to active and sends PDUs at 1 sec intervals.

  3. The port channel uses a Cisco proprietary protocol.

  4. The port-channel member interfaces must be set to trunk mode.

  5. The port channel is currently down.

Answer: A

Age over 1 sec and flagged as SA: slow rate and in active mode.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cether/command/ce-xe-3se-3850-cr-book/ce-xe-3se-3850-cr-book_chapter_00.html

Question No: 64 – (Topic 1)

In which direction does Application Visibility and Control mark the DSCP value of the original packet in the wireless LAN controller?

  1. In both directions, upstream and downstream.

  2. In one direction, downstream only.

  3. In one configured direction, either upstream or downstream.

  4. In one direction, upstream only.

Answer: A


guide/b_cg80/b_cg80_chapter_011001.html

Question No: 65 – (Topic 1)

Which two statements about VXLAN are true? (Choose two.)

  1. VXLAN overcomes the 802.1Q virtual LAN address space limitation.

  2. VXLAN is an encapsulation method used to create a Layer 3 overlay network.

  3. VXLAN uses the Spanning Tree Protocol for loop prevention.

  4. VXLAN is a Cisco proprietary standard.

  5. VXLAN can be used to enforce Layer 2 isolation in a multitenant infrastructure.

Answer: A,E

http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-729383.html

Question No: 66 – (Topic 1)

FlexConnect APs have already been deployed in a branch office for local switching. The WLAN in the large auditorium is to be changed to a high-density design, so some low data rates are to be disabled there while the data rates in other areas under the same Cisco WLC are kept. Which two configuration settings must be modified in the Cisco WLC to achieve this configuration? (Choose two.)

  1. RF Profiles

  2. Mobility Groups

  3. FlexConnect Groups

  4. AP Groups

  5. Fape profile.

Answer: A,D


From: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010001111.html

Question No: 67 – (Topic 1)

Which statement about 802.11h is true?

  1. The DFS feature works irrespective of whether the channel setting on the WLC is set to auto or manual.

  2. 802.11h is not a mandatory standard under FCC regulations.

  3. The FCC does not require 802.11h to be supported in the 5 GHz band.

  4. When the radio detects a radar, it can use the channel for only 20 minutes at a time.

Answer: A


802.11h-2003 - Wikipedia, the free encyclopedia: https://en.wikipedia.org/wiki/IEEE_802.11h-2003

The standard provides Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) to the 802.11a PHY. It has been integrated into the full IEEE 802.11-2007 standard.

FCC Regulations Update - Cisco: http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1300-series/prod_white_paper0900aecd801c4a88.html


Question No: 68 – (Topic 1)

Which AireOS release is the first to support New Mobility on the Cisco 2504 WLC?

  1. 8.0x

  2. 8.1x

  3. 7.6x

  4. 7.4

Answer: A

http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

http://www.cisco.com/c/en/us/support/docs/wireless/2500-series-wireless-controllers/113034-2500-deploy-guide-00.html

Question No: 69 – (Topic 1)

In a converged access deployment, which two statements about mobility agents are true? (Choose two.)

  1. It maintains a client database of locally served clients.

  2. It manages mobility-related configuration.

  3. It handles RF functions.

  4. It is the first level in the converged access hierarchy.

  5. It is a mandatory element in the converged access design.

Answer: A,D

CT5760 Controller Deployment Guide – Mobility Architecture [Cisco 5700 Series Wireless LAN Controllers] – Cisco http://www.cisco.com/c/en/us/td/docs/wireless/technology/5760_deploy/CT5760_Controller


Mobility Agent

A mobility agent manages AP connectivity and CAPWAP tunnel terminations from APs, and builds a database of client stations (endpoints) that are served locally as well as roamed from an Anchor WLC. A mobility agent can be either a Catalyst 3850 or a CT5760 mobility controller with an internal mobility agent running on it.

Mobility Controller

A mobility controller provides mobility management tasks including inter-SPG roaming, RRM, and guest access. Mobility roaming, where a wireless client moves from one physical location to another without losing connectivity and services at any time, can be managed by a single mobility controller if roaming is limited to a mobility sub-domain. Roaming beyond a mobility sub-domain can be managed by multiple mobility controllers in a mobility group. The mobility controller is responsible for caching the Pairwise Master Key (PMK) of all clients on all the mobility controllers, enabling fast roaming of the clients within its sub-domain and mobility group. All the mobility agents in the sub-domain form CAPWAP mobility tunnels to the mobility controller and report local and roamed client states to the mobility controller. The mobility controller builds a database of client stations across all the mobility agents.

Mobility Oracle

Mobility oracle further enhances mobility scalability and performance by coordinating roaming activities among multiple mobility groups, which removes the need for N² communications between mobility controllers in different mobility groups to improve efficiency and performance.

Mobility Sub-domain

Multiple SPGs can be grouped together and collectively managed as a mobility sub-domain. One mobility controller is required for each mobility sub-domain.

Switch Peer Group

The Converged Access deployment defines an SPG as a logical group of mobility agents within one mobility controller (or mobility sub-domain). The main advantage of configuring SPGs is to constrain the roaming traffic to switches that form the SPG. When the mobility agents are configured in one SPG on the mobility controller, the software automatically forms full mesh CAPWAP tunnels between the mobility agent switches.

These CAPWAP tunnels can be formed in a multi-layer network design (where the mobility agent switches are L2 adjacent on a VLAN spanned across) or a routed access design (where the mobility agent switches are L3 adjacent).

The SPGs should be designed as groups of mobility agent switches between which users frequently roam.

Question No: 70 – (Topic 1)

When a FlexConnect AP is in the "local authentication, local switching" state, it handles client authentication and switches client data packets locally. This state is valid in standalone mode and connected mode. Which three statements about a FlexConnect AP are true? (Choose three.)

  1. In connected mode, the AP provides minimal information about the locally authenticated client to the controller. This information is not available on the controller: policy type, access VLAN, VLAN name, supported rates, encryption cipher.

  2. In connected mode, the access point provides minimal information about the locally authenticated client to the controller. However, this information is available to the controller: policy type, access VLAN, VLAN name, supported rates, encryption cipher.

  3. Local authentication is useful where you cannot maintain a remote office setup of a minimum bandwidth of 128 kbps with the round-trip latency no greater than 100 ms and the maximum transmission unit no smaller than 576 bytes.

  4. Local authentication is useful where you cannot maintain a remote office setup of a minimum bandwidth of 128 kbps with the round-trip latency no greater than 150 ms and the maximum transmission unit no higher than 500 bytes.

  5. Local authentication in connected mode does not require any WLAN configuration.

  6. Local authentication can be enabled only on the WLAN of a FlexConnect AP that is in local switching mode.

Answer: A,C,F

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_flexconnect.html

