(Scenarios may contain multiple errors which may or may not impact the solution)
Refer to the exhibit.
An engineer has attempted to configure two pairs of switches in the referenced configuration It is required to implement VSX at the aggregation layer
The pons of the ArubaOS-CX 8325 switches used for Agg01 and Agg02 are populated as follows:
The configuration of switch AGG01 includes
The VSX cluster is not forming.
Which modification should you make to resolve the error condition?
- A . Modify the system interface-group 4 speed tOg command change "25g" to "10g"
- B . Modify the keepalive peer 192.168 20.2 source 192 168.20 1 command, changing "vrf KA" to "vrf mgmt"
- C . Edit the vsx-sync command, adding "keep-alive"
- D . Modify the vsx definition, changing "inter-switch-link lag 2" to" inter-switch-link lag 256"
A customer is installing a new ArubaOS-CX switch The customer does not change the factory default QoS configuration The switch receives an 802.1Q tagged VOIP frame on a port The header contains a DSCP value of EF(46) and the frame has an 802 ip value of 5
How will the switch forward the frame?
- A . Forwards it based on the DSCP value in the frame
- B . The switch trusts the settings and It forwards the frame with the current settings
- C . Forwards it based on the 802 ip value in the frame
- D . Forwards the frame with best effort forwarding
Company A and Company B are merging their BGP routed networks. The companies have overlapping IP ranges and security concerns during the migration phase.
Which Aruba CX 8325 functionality would help the merging of networks in a secure way?
- A . Use of ACL’s to separate the company networks at the VLAN level
- B . Use of Aruba Gateway appliance to control the routes between merged networks
- C . Use of vsf capable switch to integrate the routing
- D . Use of virtual route forwarding and BGP route leaking
You are working with a customer whos has a paw of Aruba 8325 switches configured for Multi-Chassis Link Aggregation The customer is complaining that users are experiencing intermittent packet drops.
Which action should be taken to quickly aid you in identifying the cause?
- A . Enable debug of vri with "console" set as the destination
- B . Setup a mirror session to generate a Tshark file.
- C . Setup a mirror session to niter packets for TCPDUMP analysis
- D . Check the configured VLANs using "show vsx config-consistency"
Refer to the exhibit.
Aruba CX 6300 switch has routes in three different VRFs as per the example above. The user needs to leak routes between VRF Secure and VRF Dev. and also between VRF default and VRF Dev
The customer Is not able to establish routing between directly connected networks 10.100.50.0/24 and 10.102.26.0/24.
Which statement is true regarding the routing troubleshooting?
- A . Multi-protocol BGP routing needs to be defined for route leaking
- B . Route Distinguisher needs to be set to 1 for default VRF.
- C . Route leaking is supported between non-default VRFs only
- D . Route leaking between default and non-default VRFs is supported with Aruba CX 8400.
With the given topology, the customer Has ArubaOS-CX 6300 switches and Aruba Gateway in use.
What is required for the client traffic to be tunneled as per best practice between the connected switch port and the Aruba Gateway” (Select two.)
- A . IP Protocol 6 should not be blocked on me datapath
- B . IP Protocol 47 should not be blocked in the data-path
- C . The ArubaOS-CX switch and Aruba gateway should have an end-to-end MacSec connection
- D . The ArubaOS-CX switch and Aruba gateway should be EBGP peers.
- E . Change the default MTU on the data-path between the switch and gateway
A customer with an ArubaOS-CX 6300M switch is having a performance issue on the network and has received complaints about users experiencing intermittent connectivity. After performing troubleshooting it is determined that many of the local websites on the LAN that users are unable to reach are resolved to an invalid MAC address.
What are the minimum steps that should be performed to mitigate this condition? (Select two)
- A . Implement arp ACLs to define trusted MAC address to IP bindings
- B . Enable ‘arp inspection’ on the end-user physical ports
- C . Enable ‘arp inspections on the end-user VLAN.
- D . Implement dhcpv4-snooping
- E . Enable ‘arp inspection untrusted on the end-user physical pons
A customer wants to implement a new Aruba 6300M 48-port iGbE Class 4 PoE and d-port SFP56 Switch solution. The customer wants to automatically provision devices, connected to the switch with correct settings. VoIP phones need to be placed in VLAN 10, send out traffic with a VLAN tag. The phone is LLDP-MED capable
How can you accomplish this with the least amount of administrative effort?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
A customer would like to utilize some ArubaOS-CX 6300M switches to perform OSPF routing.
All ports are routed, and ECMP is enabled, with other default parameters for OSPF.
What will be the result of traffic sent from CLIENT-A to CUENT-B?
- A . Traffic will be SW3 -> SW-4 -> SW-2.
- B . Traffic win be SW3 -> SW-1 -> sw-2.
- C . Traffic will be SW3 -> SW-1 -> sw-4 -> SW-2
- D . Traffic will be SW3 -> SW-1 -> Sw-2 & SW3 -> SW-4 -> SW-2
When applying me following access-Iist to an ArubaOS-CX 6300 switch:
How does this ACL behave on the selected switch? (Select two.)
- A . The mp traffic to MANAGEMENT-SERVERS group is logged to me event logs
- B . The tftp traffic to MANAGEMENT-SERVERS group is not logged to the event logs.
- C . The snmp-trap traffic to MANAGEMENT-SERVERS is logged to the event togs.
- D . The denied tcp traffic to the MANAGEMENT-SERVERS group is logged to event logs.
- E . The denied tcp traffic to the MANAGEMENT-SERVERS group is not logged to event logs
Refer to the exhibit.
You want to protect the aggregation layer if the VSXISL falls.
Where should you place a VSX keepalive link?
- A . On VSX LAG 1
- B . On a dedicated link created using port 1’1/48 of each aggregation switch
- C . On the OOBM ports of both aggregation switches
- D . On VSX LAG 101
The customer has a requirement for creating security filtering for IPv4 and IPv6 traffic passing through an ArubaOS-CX 6400 switch.
Which statement Is true about access-list on the selected switch model?
- A . IPv4 and IPv6 entries can be used in one ACL with separate rules
- B . Separate IPv4 and IPv6 ACLs need to be created for inbound and outbound traffic
- C . Only one inbound or outbound ACL can be bound to an interface.
- D . Routed interfaces can have only inbound ACLs
Refer to the exhibit.
Which statement is true?
- A . Q1 and S1 are applied to all interfaces mat do not have a QoS override applied
- B . To be effective, both Q1 and S1 still need to be applied to Interfaces
- C . No default queues are changed
- D . Q1 and S1 are applied to all interfaces.
An administrator is utilizing the orchestration capabilities of NetEdit.
What are the two plan types that can be created? Configuration management plan (Select two.)
- A . Firmware plan
- B . Firmware plan
- C . Deployment plan
- D . Configuration plan
When an ArubaOS-CX switch uses the temporary copy of the coring state database, how does NetEdit validate if the configuration is correct?
- A . Semantic validation
- B . Syntax validation
- C . Deploy validation
- D . Planned validation
The customer is considering Implemented the following VSX configuration that will host an Aruba mobility cluster servicing 9000 dual stack employee devices.
The client’s default gateways will be hosted on the VSX stack. The customer is seeking advice about how to ensure ArubaOS-CX VSX best practices have been applied.
What advice can you offer the customer? (Select two)
- A . The ISL Bandwidth should be upgraded
- B . Agg-1 and Agg-2’s hardware forwarding table profile should be changed to "L3-agg”.
- C . The -system-mac’ of Agg-1 should be changed to an unused address from the unicast private address range
- D . The vsx linkup-delay timer is unnecessarily high; it should be reduced to prevent excessive delay of packet forwarding when a VSX peer joins an existing master.
- E . The Keepalive interface should be changed to interface LAG2 so there is redundancy through the mobility cluster.
- F . The keepalive subnet is misconfigured, it has an inappropriate address on Agg-1.
You have removed a member out of the ArubaOS-CX 6300 VSF configuration. The login to the removed member falls.
What is true about switch login recovery?
- A . The task requires physical access to the switch
- B . The zeroize task executes the zeroize.txt from the root of the CF card on the switch
- C . The zeroize task will remove all user passwords: the configuration remains on the switch
- D . The task can be executed remotely
Which statement is true regarding remote mirroring?
- A . The same source/destination address can be used in multiple sessions.
- B . Per session multiple destination addresses can be configured
- C . The ArubaOS-CX switch supports a maximum of two mirroring sessions
- D . When mirroring destination is tunnel, a DSCP value can be set on the tunnel
What are the requirements for managing a switch using Aruba NetEdit? (Select two)
- A . REST access-mode must be set to read-write.
- B . HTTPS service must be restricted to the management VRF
- C . The switch user account mat NetEdit uses should have a password.
- D . Telnet must be disabled on the switch
Which MAC address is valid for use as a VSX System-MAC address?
- A . AB:00:04:00:FF:00
- B . 0A:00:00.00.00
- C . FF:00:00:00:00:00
- D . 01:00:5E40:10.01