Which user role meets all the criteria?

Your customer asked for help to apply an ACL for wireless guest users with the following criteria:

• Wi-Fi guests are on VLAN 555

• allow internet access

• only allow access to public DNS servers

• deny access to all internal networks except for any DHCP server

These session ACLs are already present in the CLI of the mobility gateway group:

You have access to the CLl.

Which user role meets all the criteria?

A)

B)

C)

D)

A . Option A
B . Option B
C . Option C
D . Option D

View Answer

Answer: A

Explanation:

Based on the criteria provided for wireless guest users, the correct user role configuration must allow internet access, only allow access to public DNS servers, deny access to all internal networks except for any DHCP server, and place the Wi-Fi guests on VLAN 555. The ACLs must permit services necessary for basic internet access (such as DNS and DHCP) and block access to internal networks.

Option A satisfies these criteria with the following configurations:

user-role "WiFi-guest":

This defines the role for Wi-Fi guests.

access-list session dhcp-acl: This applies the access list that likely permits DHCP, which is necessary for guests to obtain an IP address.

access-list session dns-acl: This applies the DNS access list, which likely restricts guests to using public DNS servers.

access-list session internal-networks: This applies the internal networks access list, which denies access to internal networks.

vlan 555: This sets the VLAN for Wi-Fi guests to 555.

Options B, C, and D are incorrect because they includeaccess-list session allowallwhich would permit all traffic, contradicting the requirement to deny access to all internal networks.