300-430 Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI) Questions and Answers

In a Cisco wireless LAN controller, setting a specific data rate to ‘Mandatory’ means that all wireless clients must be able to communicate at this rate. To ensure that multicast uses the 54Mbps rates, one must set the 54Mbps data rate to ‘Mandatory’. This configuration will make it so that all multicast traffic is transmitted at this minimum set data rate, thus meeting the requirement specified by the engineer.

 The benefit of using dual SSIDs with a captive portal on the onboard SSID compared to a single SSID solution is the ability to restrict allowed device types. With a dual SSID setup, one SSID can be used for onboarding new devices with a captive portal that can enforce policies and check the device type before allowing access to the main SSID. This helps in maintaining a secure and compliant network environment. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

Local EAP (Extensible Authentication Protocol) allows wireless LAN controllers to directly authenticate clients using an internal database, which can be useful when external RADIUS servers are unreachable. By enabling local EAP, client devices can still connect to wireless networks even if communication with RADIUS servers fails, ensuring continuous network access for users. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 In a multicast implementation using multiple multicast groups and PIM routers, the address that provides automatic discovery of the best RP (Rendezvous Point) for each multicast group is 224.0.1.39. This address is used by the Auto-RP feature, which allows for dynamic RP discovery and simplifies the management of multicast groups across the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

For optimal voice over WLAN performance with a Cisco 8821 wireless phone, the Cisco recommended configuration is to set the switch port to access mode and trust the DSCP markings. This ensures that voice traffic is appropriately prioritized in the network, providing better quality of service for voice communications. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

When an MSE with wIPS service is installed, it is crucial for alarm information to reach the MSE from the controllers. The Network Mobility Services Protocol (NMSP) is the protocol that facilitates this communication. Ensuring that NMSP is allowed through any firewalls or network security devices is essential for the proper functioning of the wIPS service. References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

To segregate iOS devices to the guest SSID on VLAN 101 and distribute the rest of the clients on VLAN 102, creating a service template and enabling device classification are required. The service template specifies the VLAN assignment, while device classification identifies the type of device connecting to the network. References: Cisco Catalyst 9800-80 WLC documentation on local policies and device classification.

In a multitenant building, competing wireless APs are initially classified as ‘unclassified’ in the WLC. This classification means that the APs are not recognized as part of the network’s infrastructure. Over time, administrators can classify these APs as ‘friendly’, ‘malicious’, or maintain them as ‘unclassified’ based on their potential impact on the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

When designing a high availability wireless network, the focus should be on cell overlap. Adequate cell overlap ensures that if one access point fails, another can provide coverage without service interruption, thus maintaining network resilience and availability. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

To ensure reliable streaming of multicast video over a wireless link, it’s essential to optimize the multicast settings on the controller. Option B, implementing video-stream for the multicast video on the controller, is a feature that optimizes the delivery of multicast streams by converting them into unicast streams for specific clients, thus improving reliability. Option C, allowing multicast-direct to work correctly, involves enabling multicast-direct globally, which allows multicast packets to be sent directly to clients without the need for them to subscribe to a specific multicast group, enhancing efficiency and reliability. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 Cisco AVC (Application Visibility and Control) on a Cisco Wireless LAN Controller (WLC) is used to prioritize traffic by marking the packets. For Cisco IP cameras that use the wireless network, the AVC rule would be configured to mark the packets with a specific QoS value, ensuring that the video traffic is treated with higher priority as it traverses the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

When implementing Cisco Identity-Based Networking on a Cisco AireOS controller with two ACLs where one is applied directly on the WLC interface and another referenced by ISE for a specific group policy, the resulting ACL for a user in that group would be a combination of both ACLs. The BASE_ACL applied on the corporate_clients interface acts as the default ACL for all corporate clients, while HR_ACL is specific for Human Resources users. When a Human Resources user connects, HR_ACL takes precedence but does not replace BASE_ACL; instead, it appends its rules to those of BASE_ACL resulting in an aggregated set of rules from both ACLs. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

To segregate iOS-connected devices onto a guest SSID on VLAN 101 and the rest of the clients on VLAN 102, specific configurations are needed on the Cisco Catalyst 9800 Wireless LAN Controller (WLC). The correct configurations required are:

• Add local profiling policy under global security policy settings (Option B): This allows the WLC to profile devices based on their operating system. By identifying iOS devices, a local profiling policy can then direct these devices to the appropriate VLAN.
• Enable device classification on global wireless settings (Option E): Device classification is necessary for the WLC to differentiate between device types. Once enabled, it can apply different policies based on whether a device is recognized as an iOS device or not.

References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

During the Extensible Authentication Protocol (EAP) process, the RADIUS server generates an encrypted session key after the client’s identity is authenticated. This session key is sent to the access point to encrypt data frames between the client and the access point. It ensures that each session has a unique encryption key, enhancing security. References: Look for information on EAP and RADIUS in the CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

Enabling unicast AP multicast mode can correct the issue of increased controller CPU overhead and overall network utilization after multicast is enabled. This mode allows the controller to send multicast traffic to the APs as unicast, which is more efficient for the wireless medium and reduces the load on the controller’s CPU.

References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

To prevent the network from a Layer 2 flooding of multicast frames and ensure a seamless transfer of multicast data to the client when roaming, IGMP snooping should be enabled on the WLC. This feature allows the WLC to monitor and control multicast traffic at Layer 2, preventing unnecessary multicast forwarding.

References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

To address concerns about detecting spurious threats from channels not used by the wireless infrastructure, deploying APs in monitor mode (B) and local mode with WIPS submode (D) would be beneficial. Monitor mode allows APs to listen to the wireless spectrum and identify potential threats, while WIPS (Wireless Intrusion Prevention System) submode enhances the ability to detect and mitigate wireless threats. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

For high availability configuration in Cisco CMX servers to work correctly, both primary and secondary servers must be identical in terms of installation type (physical or virtual) and size (resources allocated like CPU, RAM). If there is a mismatch in these aspects, it can lead to failure in setting up high availability as they need to synchronize data between them seamlessly. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 Link-Local Service (LSS) filtering for mDNS (Multicast Domain Name System) is used to control the propagation of mDNS services across the network. To enable LSS for the AppleTV mDNS service only when ORIGIN is set to Wired, the correct action is to set ORIGIN to Wired and enable LSS specifically for the AppleTV service. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

The Voice VLAN feature on switches allows the network to distinguish between voice traffic and data traffic from wireless clients connected to IP phones. This is crucial for applying the appropriate QoS to ensure that voice traffic is prioritized over client data traffic. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

The Voice VLAN feature on switches allows the network to distinguish between voice traffic and data traffic from wireless clients connected to IP phones. This is crucial for applying the appropriate QoS to ensure that voice traffic is prioritized over client data traffic. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

The angle of arrival (AoA) method for client tracking determines the location of a wireless device using triangulation. This technique involves measuring the angle at which the signal arrives at different receivers (access points) and using this information to pinpoint the device’s location within the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

To create an account for CLI access to an access point for troubleshooting, the WLC must be configured to allow user access with the capability to make changes. The ReadWrite User Access Mode enables an engineer to have full read and write access to the AP’s configuration via the CLI, which is necessary for performing troubleshooting tasks. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

When configuring multicast for two WLCs in different physical locations, each handling around 500 wireless clients, it is important to assign a unique multicast group address to each WLC. This ensures that multicast traffic is properly segregated and managed within each controller’s network.

References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

The feature required on the Cisco Wireless LAN Controller to support dynamic VLAN mapping is AAA override. This feature allows for the assignment of VLANs on a per-user basis as determined by the authentication, authorization, and accounting server. When AAA override is enabled, attributes such as VLAN ID can be dynamically applied to a user’s session after successful authentication and authorization. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 FlexConnect is a wireless solution for branch office and remote office deployments. It allows APs to switch client data traffic locally and perform client authentication locally when they are disconnected from the WLC. For WLAN A to work in FlexConnect mode and WLAN B to work in local mode, the APs need to be part of a FlexConnect group with proper WLAN-VLAN mappings. This ensures that the correct VLAN is used for each WLAN, which is essential when the APs are operating in FlexConnect mode. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

To segregate iOS devices to the guest SSID on VLAN 101 and distribute the rest of the clients on VLAN 102, creating a service template and enabling device classification are required. The service template specifies the VLAN assignment, while device classification identifies the type of device connecting to the network. References: Cisco Catalyst 9800-80 WLC documentation on local policies and device classification.

 If all APs are receiving multicast traffic instead of only those that need it, it indicates that Multicast Internet Group Management Protocol (IGMP) snooping is not enabled. IGMP snooping is a feature that allows a network switch to listen to IGMP network traffic and ensure that multicast packets are only sent to the ports associated with interested receivers, thus preventing unnecessary traffic on the network. References := CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

The primary change to the network when adding APs for location-based services, such as VolMLAN, would be the AP footprint. This refers to the physical coverage area of the access points. Increasing the AP footprint enhances the ability to perform location-based services by improving the accuracy of triangulation and location tracking of devices. This is because a denser AP footprint allows for more precise determination of a device’s location within the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide, specifically the sections discussing location-based services and AP deployment strategies for optimal coverage and location tracking.

During the Extensible Authentication Protocol (EAP) process, the RADIUS server generates an encrypted session key after the client’s identity is authenticated. This session key is sent to the access point to encrypt data frames between the client and the access point. It ensures that each session has a unique encryption key, enhancing security. References: Look for information on EAP and RADIUS in the CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

When a wireless controller is configured to authenticate clients against Microsoft Active Directory using PEAP (Protected Extensible Authentication Protocol), it uses RADIUS (Remote Authentication Dial-In User Service) as the protocol to communicate with the authentication server. RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

When configuring an Access Control List (ACL) to restrict traffic to the Wireless LAN Controller (WLC) CPU, the direction of the traffic is crucial. Since the ACL is meant to control traffic that is destined for the WLC CPU, it should be set as “Inbound”. This means that any rules applied within this ACL will affect incoming traffic towards the WLC, which is necessary when aiming to restrict certain types of traffic from reaching and potentially overwhelming the controller’s processing capabilities. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

To route wireless traffic from the branch through the firewall at corporate headquarters, the correct Cisco FlexConnect configuration is central authentication and central switching. This setup ensures that both user authentication and data traffic are handled centrally at the corporate headquarters, allowing the firewall to inspect and route the traffic accordingly. Local RADIUS servers in each branch can still be used for redundancy or other purposes, but the central control of traffic is maintained. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

Removing unnecessary controllers from the mobility group (B) would create less load on the controllers while maintaining the same mobility messages. This is because each controller in a mobility group shares its client database with other controllers, which can lead to increased overhead. By minimizing the number of controllers in the group, the load is reduced. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

For RADIUS to restrict administrative control effectively, the engineer needs to define a Network Access Server (NAS) entry that corresponds to the WLC’s management IP address and the AP subnet. The correct entry would be the NAS IP of the virtual interface (typically used for RADIUS communications) and the specific network range of the AP subnet, which is 192.168.2.0 with a subnet mask of 255.255.255.0. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

To collect user demographic information in exchange for guest WLAN access and to have a customized portal per location, the marketing department should tie the Facebook social connector into Cisco CMX. Facebook is widely used for social login features and provides access to demographic data when users consent, making it the ideal choice for this requirement. References: The use of social connectors for demographic data collection is discussed in the context of advanced location services in the official certification guide.

To ensure that all Android devices are placed into a separate VLAN on their wireless network without deploying ISE, the feature that must be implemented on the Cisco WLC is “WLAN local policy”. This feature allows the network administrator to create policies that can classify and segregate devices based on their operating system, in this case, Android devices, into a designated VLAN. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

The maximum time range that can be viewed on the Cisco DNA Center issues and alarms page is 24 hours. This allows network administrators to monitor and troubleshoot recent issues and alarms within a one-day period. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

Mobile Device Management (MDM) integration with Cisco ISE increases security for lost devices by providing functions such as data wipe and jailbreak/root detection. Data wipe allows the remote erasure of sensitive information from lost devices, preventing unauthorized access. Jailbreak/root detection helps identify compromised devices that may bypass standard security measures, ensuring that they do not access network resources.

 The two protocols used to communicate between the Cisco Mobility Services Engine (MSE) and the Cisco Prime Infrastructure network management software are HTTPS and NMSP (Network Mobility Services Protocol). HTTPS is used for secure web-based communications, while NMSP is a Cisco proprietary protocol used specifically for efficient, real-time communication between MSE and network management software like Cisco Prime Infrastructure. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

To enable VLAN tagging for wireless Identity-Based Networking on a WLAN, an engineer must enable AAA override, which allows for dynamic VLAN assignment. Additionally, the RADIUS server attributes need to be updated to include tunnel type 64, medium type 65, and tunnel private group type 81, which are necessary for VLAN tagging information. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

When a wireless controller is configured to authenticate clients against Microsoft Active Directory using PEAP (Protected Extensible Authentication Protocol), it uses RADIUS (Remote Authentication Dial-In User Service) as the protocol to communicate with the authentication server. RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

The absence of rogue AP options in the navigation menu under Maps in Cisco Prime Infrastructure (PI) version 3.0 indicates that there is an issue with integrating location services, which are provided by Mobility Services Engine (MSE). Without adding MSE to PI, location-based services such as tracking rogue access points cannot be utilized or displayed within PI’s interface. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 For an enterprise wireless network with distributed offices globally and APs configured in FlexConnect mode, enabling FlexConnect local authentication is essential to support 802.11r and CCKM. This configuration allows for fast roaming and maintains a secure connection by locally authenticating the clients without having to go back to the central site, thus providing a seamless and efficient roaming experience for the users.

The issue described indicates a problem with the 802.1X authentication policy on the authenticator, which is typically the wireless controller or access point. Even though the CA certificate is correctly installed on the laptop, if the authenticator’s policy is incorrectly configured or does not match the required settings for the corporate network, the user’s authentication attempts will fail. It is essential to review and correct the 802.1X policy settings on the authenticator to resolve this issue. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

In Quality of Service (QoS) for networking, Class of Service (COS) and Differentiated Services Code Point (DSCP) are used for traffic classification and prioritization. Voice traffic is generally given high priority due to its sensitivity to delay and requires proper tagging to maintain quality over the network.

The correct mapping for voice traffic, according to best practices, is a COS value of 5 mapped to a DSCP value of 46. This is because DSCP 46 corresponds to Expedited Forwarding (EF), which is typically used for voice traffic prioritization in IP networks.

The exhibit shows the output from a command on a network device that displays the current mappings between COS values and DSCP values. The mapping that needs modification for correct voice traffic tagging can be identified by looking at the standard practice for voice QoS, which uses a COS value of 5 mapped to a DSCP value of 46.

References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

When an engineer enables CPU ACLs on a Cisco device through Security > Access Control Lists > CPU Access Control Lists menu, this change applies immediately to both wireless and wired traffic directed towards the CPU of the device. This includes all management traffic destined for control plane services within the device itself, providing an additional layer of security against potential threats. References: (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

To load balance the data coming through NMSP from the WLCs and spread the load between multiple CMX servers, the configuration cmxctl config feature flags nmsplb.cmx-ap-grouping true should be used. This enables the load balancing feature and helps optimize the data flow for APs in a large network environment. References: The configuration for load balancing in CMX is explained in the certification guide, which outlines the commands and flags necessary to manage data flow efficiently.

Before deploying an OEAP successfully, the IT administrator must configure the AP mode to FlexConnect and check the box for Office Extend AP ©, and configure the Primary Controller Name and Management IP address in the High Availability tab (E). These settings ensure that the OEAP can establish a connection to the WLC and function correctly in a remote user’s home. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

The FlexConnect AP Upgrade feature allows for a selective upgrade process within a FlexConnect group. By not setting any master APs, the WLC will automatically select one AP of each model with the lowest MAC address to receive the upgrade directly from the controller. This ensures that the upgrade is distributed efficiently across different AP models in the group without manual intervention.

References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

 To provide guests access using social media authentication, the engineer must configure the “Social Connect” service. This service allows guests to use their Facebook credentials, among other social media platforms, to authenticate and gain network access. It simplifies the guest access process by leveraging existing social media accounts for authentication. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

The feature that must be enabled to ignore non-802.11 interference is “Avoid Persistent Non-WiFi Interference.” This setting allows the Radio Resource Management (RRM) to not react to non-802.11 noise and interference, which can be crucial in environments where such interference is common but does not significantly impact wireless performance. By enabling this feature, RRM will not change the channel in response to non-IEEE 802.11 interferers, thus maintaining a stable channel plan. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

 For a large company requiring support for 32 VLANs for different departments, the most efficient solution is to configure one single SSID and use Cisco ISE for dynamic VLAN assignment based on user roles. Cisco ISE can classify users into different groups and assign them to the appropriate VLANs. This approach reduces the complexity of managing multiple SSIDs and simplifies the user experience while maintaining a high level of security and network segmentation. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 Cisco AVC (Application Visibility and Control) on a Cisco Wireless LAN Controller (WLC) is used to prioritize traffic by marking the packets. For Cisco IP cameras that use the wireless network, the AVC rule would be configured to mark the packets with a specific QoS value, ensuring that the video traffic is treated with higher priority as it traverses the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

TACACS+ (Terminal Access Controller Access-Control System Plus) is recommended for managing device access as it provides a more granular level of control over user authentication and authorization than RADIUS. It allows for different levels of access based on user identity by interfacing with external repositories such as Active Directory or LDAP. This protocol helps in distinguishing between different users and assigning appropriate access rights based on their roles within an organization. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 Cisco Context Aware Services provide real-time tracking of mobile assets and users by gathering contextual information from networked devices. This service is not limited to wireless devices; it can track both wired and wireless devices within the network. The technology utilizes elements like Received Signal Strength Indicator (RSSI) and Time Difference of Arrival (TDoA) for location tracking and telemetry. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide, and Cisco Context Aware Software FAQ.

TACACS+ (Terminal Access Controller Access-Control System Plus) is recommended for managing device access as it provides a more granular level of control over user authentication and authorization than RADIUS. It allows for different levels of access based on user identity by interfacing with external repositories such as Active Directory or LDAP. This protocol helps in distinguishing between different users and assigning appropriate access rights based on their roles within an organization. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 IGMP snooping is a feature that allows a network switch to listen to the Internet Group Management Protocol (IGMP) network traffic. This feature enables the switch to identify the multicast streams to which hosts are interested and to forward multicast traffic intelligently. By enabling IGMP snooping on the Wireless LAN Controller (WLC), it ensures that multicast streams are only forwarded to the access points (APs) where clients are subscribed to them. Setting the AP multicast mode to a specific multicast address, such as 238.255.255.255, allows the WLC to send multicast traffic to APs using this address, which helps in efficient distribution of the multicast stream.

In Cisco Prime Infrastructure, the maximum number of APs that can be used to contain an identified rogue access point in the WLC is four (4). This containment process involves using nearby APs to disrupt the rogue AP’s signals, thereby preventing it from effectively communicating with client devices. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide, which includes information on rogue AP detection and containment strategies within the WLC and Cisco Prime Infrastructure.