HP Aruba Certified Professional - Campus Access HPE7-A06 Question # 12 Topic 2 Discussion
HPE7-A06 Exam Topic 2 Question 12 Discussion:
Question #: 12
Topic #: 2
Refer to the four numbered steps in the exhibit.
Which action is the first step in applying a role-to-role ACL on the traffic from mobile device M1 to role H2?
A. The edge switch acts as the intermediate node and transfers the Group Policy ID over static VXLAN to dynamic VXLAN tunnel and forwards the packet to switch A1.
B. The AP forwards the packet from M1 to gateway 1.
C. Switch A1 determines the destination role based on destination MAC or destination IP and enforces role-to-role ACLs.
D. Gateway 1 forwards the traffic over the static VXLAN tunnel to the edge switch; this packet carries the Group Policy ID corresponding to the role of M1.
The question asks for the first step in applying a role-to-role ACL (Access Control List) on traffic from a mobile device (M1) to a role (H2) in a network using Dynamic Segmentation with VXLAN and role-based policies.
Analysis of Options:
Option A: Describes an intermediate step where the edge switch transfers the Group Policy ID over VXLAN, which occurs later in the process.
Option B: Correct. The first step is the AP forwarding the packet from the mobile device (M1) to the gateway, which initiates the traffic flow in a tunneled Dynamic Segmentation setup.
Option C: Describes a later step where the destination switch (A1) enforces the role-to-role ACL, after the packet has traversed the network.
Option D: Describes a step where the gateway forwards traffic over a VXLAN tunnel, which occurs after the AP forwards the packet.
Why Option B is Correct: In HPE Aruba Networking’s Dynamic Segmentation architecture, wireless clients (e.g., M1) connect to an AP, which tunnels traffic to a gateway (e.g., in tunneled mode). The first step in the traffic flow is the AP forwarding the client’s packet to the gateway, which then processes the packet for role assignment and policy enforcement. This aligns with the role-to-role ACL application process, where the gateway applies policies based on the source (M1’s role) and destination (H2’s role) using Group Policy IDs over VXLAN.
Relevance to Certification Objectives:
Security (10%): Involves designing and troubleshooting role-based security policies in customer networks.
WLAN (9%): Includes implementing and troubleshooting wireless traffic flows in Dynamic Segmentation.
Switching (19%): Covers Layer 2/3 interconnection technologies like VXLAN for policy enforcement.