Local AAA is ideal for large complex networks because it uses the local database of the router for authentication.
Server-based AAA authentication can use the RADIUS or TACACS+ protocols to communicate between the router and a AAA server.
Server-based AAA authentication is ideal for large complex networks because it uses the local database of the router for authentication.
Local AAA authentication requires the services of an external server, such as the Cisco Secure ACS for Windows Server.
reduces number of authorization queries by combining the authorization process with authentication
The vty lines must be configured with the login authentication default command.
The aaa local authentication attempts max-fail command must be set to 2 or higher.
The administrative user should use the username Admin and password Str0ngPa55w0rd.
TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.
User Setup
Group Setup
Network Configuration
System Configuration
Interface Configuration
Administration Control
The administrator is allowed full access until a router reboot, which is required to apply changes.
The Cisco Secure ACS can be accessed from the router console.
Telnet can be used to configure a Cisco Secure ACS server after an initial configuration is complete.
The Cisco Secure ACS can be accessed remotely after installing ACS client software on the administrator workstation.
Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presented, which two AAA authentication statements are true? (Choose two.)
The locked-out user should have used the username Admin and password Pa55w0rd.
The locked-out user should have used the username admin and password Str0ngPa55w0rd.
The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.
Character mode provides remote users with access to network resources and requires use of the console, vty, or tty ports.
Character mode provides remote users with access to network resources and requires use of dialup or VPN.
Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.
Packet mode provides users with administrative privilege EXEC access and requires use of dialup or VPN.
Packet mode provides remote users with access to network resources and requires use of dialup or VPN.
Packet mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.
Local AAA authentication supports encrypted passwords; login local does not.
Local AAA provides a way to configure backup methods of authentication; login local does not.
A method list must be configured when using the login local command, but is optional when using local AAA authentication.
The login local command supports the keyword none, which ensures that authentication succeeds, even if all methods return an error.
RADIUS can cause delays by establishing a new TCP session for each authorization request.
RADIUS because it supports detailed accounting that is required for billing users
TACACS+ because it requires select authorization policies to be applied on a per-user or per-group basis
RADIUS because it requires select authorization policies to be applied on a per-user or per-group basis
accessibility
accounting
auditing
authentication
authorization
It requires a login and password combination on console, vty lines, and aux ports.
It is more efficient for users who only need to enter a password to gain entry to a device.
A named accounting method list must be explicitly defined and applied to desired interfaces.
Accounting method lists are not applied to any interfaces until an interface is added to the server group.
The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.
Accounting services determine which resources the user can access and which operations the user is allowed to perform.
Authorization records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made.
Refer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands?
aaa accounting connection start-stop group radius
Character mode authorization is limited, and packet mode denies all requests.