What is Aruba-recommended best practice for hardening that only applies to Aruba CX 6300 series switches with dedicated management ports?

• A. Implement a control plane ACL to limit access to approved IPs and/or subnets
• B. Manually enable enhanced security mode from a console session
• C. Disable all management services on the default VRF
• D. Create a dedicated management VRF, and assign the management port to it.

Answer: (D)

Isolating management-plane traffic by using a dedicated management VRF on CX switches with dedicated management ports is the strongest hardening approach. Creating a dedicated management VRF and assigning the management port to it puts all management traffic into its own routing domain, separate from user/data traffic. This tight separation lets you tightly control which devices can reach the management IPs, apply specific access controls, and prevent data-plane networks from affecting or spying on the management path. The other options don’t leverage the isolation provided by a dedicated management VRF: ACLs help restrict who can reach the control plane but don’t by themselves create the necessary separation; a console-only security mode isn’t a standard Aruba CX feature; and disabling management services on the default VRF undermines the dedicated mgmt-port setup rather than fully exploiting it.