A financial institution is implementing a multi-VRF environment on their ArubaOS-CX core switches to segment traffic between corporate, trading, and guest networks. A network architect needs to ensure that specific high-priority trading data from the trading VRF can be routed to a shared monitoring service located in the corporate VRF, without leaking all routes between the VRFs. Which routing feature is the most precise and secure method to achieve this specific inter-VRF communication?
A network engineer is troubleshooting an ArubaOS-CX switching environment where an NAE agent designed to monitor BGP neighbor states is not generating expected alerts. The agent's script is syntactically correct and the NAE engine is running. What are the most likely reasons for the agent's failure to trigger alerts? (Select TWO)
True or False: In an ArubaOS-CX VSX environment, the VSX keepalive link is mandatory for detecting a dual-active scenario, and it must be a direct Layer 3 connection between the primary and secondary switches.
A university is deploying a large campus network with Aruba CX switches and ClearPass. The security policy requires that devices connecting to wired ports are dynamically assigned to different VLANs based on their type (e.g., IP phones, printers, corporate laptops). A network engineer has configured 802.1X and MAB, and is now creating enforcement policies in ClearPass. Which ClearPass feature is essential for identifying the device type and returning the correct VLAN to the switch?
A hospital is upgrading its campus core with a pair of Aruba 8360 switches running in a VSX pair. They have a requirement for multicast video streaming for medical imaging, which relies on PIM-SM. The network administrator needs to ensure multicast routing functions correctly and efficiently across the VSX pair. What is the recommended approach for configuring PIM in this VSX environment?
During a network audit, a security analyst discovers that switches in the access layer are vulnerable to STP manipulation attacks, such as a rogue device claiming to be the root bridge. To mitigate this, the administrator decides to implement STP protection features on edge ports connected to end-user devices. Which ArubaOS-Switch feature should be configured on these ports to prevent them from becoming STP root or designated ports?
An e-commerce company is experiencing intermittent packet loss and high latency for its critical application servers connected to a VSF stack of Aruba 5406R switches. A network analysis reveals that a high volume of broadcast and unknown unicast traffic from a misconfigured server is flooding a large VLAN, consuming significant switch CPU and link bandwidth. What is the most effective feature to limit the impact of this traffic on the VSF stack?
A consultant is designing a resilient network for a manufacturing plant using ArubaOS-CX switches. The design uses two core switches and multiple access layer switch stacks. To provide redundant uplinks from an access stack to the two core switches, the consultant configures a multi-chassis link aggregation group (MC-LAG). Which underlying technology on the core switches is required to support this MC-LAG configuration?
An administrator is configuring 802.1X with EAP-TLS on an ArubaOS-CX switch for wired authentication against a ClearPass server. Corporate clients are issued certificates from an internal Certificate Authority (CA). When a client connects, the authentication fails. The ClearPass access tracker shows the error 'TLS session error'. The switch configuration is correct, and the client has a valid certificate. What is a common cause for this specific error in an EAP-TLS deployment?
A large enterprise is designing a campus network using an EVPN-VXLAN fabric with ArubaOS-CX switches. The goal is to provide Layer 2 and Layer 3 segmentation for multiple tenants. Which statement accurately describes the role of the BGP EVPN control plane in this architecture?