CCIE Wireless Written Exam: Cisco WLC Management Access Control with TACACS+ | Cisco Exam Question Answer

Management Access Control on Cisco WLC with TACACS+

Question

Which two statements about the management access control on Cisco WLC, using an external TACACS+ server, are true? (Choose two.)

Answers

Explanations


BF.

The correct answers for this question are A and B.

A. The Cisco WLC supports TACACS+ command authorization. This means that the TACACS+ server can be used to control which commands the administrator is allowed to execute. The server sends an authorization response to the WLC, which determines whether the command is allowed.

B. The Cisco WLC AAA authorization is role-based, using custom TACACS+ attributes. The WLC uses the AAA (Authentication, Authorization, and Accounting) framework for controlling access. The authorization part of AAA is role-based, which means that a user's access to specific functions is determined by the role they are assigned. Custom TACACS+ attributes can be used to define these roles.

C. The Cisco WLC AAA authorization is role-based, using Cisco VSA attributes. This statement is incorrect because the WLC uses custom TACACS+ attributes, not Cisco VSA attributes, for role-based authorization.

D. The Cisco WLC requires the TACACS+ server to return a Privilege-Level attribute. This statement is incorrect because the WLC does not require the TACACS+ server to return a Privilege-Level attribute.

E. If a user is not entitled to a specific task, then the user is not allowed to access that task. This statement is true, as the WLC uses role-based authorization to determine access to specific functions. If a user is not assigned a role that has access to a particular function, they will not be able to access it.

F. If a user is not entitled to a specific task, then the user is allowed to have read-only access to that task. This statement is false, as the WLC does not provide read-only access to functions that a user is not entitled to. If a user is not assigned a role that has access to a particular function, they will not be able to access it at all.