A network architect is planning a guest solution for a group of ports in a conference room. Guests
should have access to the Internet only. The company wants a simple solution and prefers not to
burden visitors with login requests.
Which solution would best meet the company’s requirements for a gust network?
A.
Place the ports in a black-hole VLAN that is not carried on Switch-to-Switch links. Apply a
dynamic VLAN for guests who pass web authentication to a server that allows MAC registration
B.
Place the guest ports that is allowed access only to the internet. Optionally configure port
isolation.
C.
Apply MAC lockdown to the guest ports. Configure switches to place unknown MAC addresses
in a VLAN with access only to the internet
D.
Apply web authentication to the guest ports. Use the built-in guest accounts for HP switches to
authenticate the users
Explanation:
If You place them in a Black-Hole-Vlan, then they wont be able to connect to the Internet. not even a gateway. B is correct
0
0
Initially, they would be placed in black hole vlan – after the guest pass the web-authentication they would be placed in Guest VLAN (dynamic VLAN) and then could access Internet. The web-authentication would do Mac-authentication.
0
0
I think C; because they dont want guest login (not A, D).
Option B not correct: if employees connect to that port how they can access company resources?
0
0
Answer is B
This is part of an example in the study guide:
The wireless LAN in the lobby MUST deny all traffic except to approved internet gateways by performing port isolation.
0
0