A network administrator applies the following configuration to an IOS device.
aaa authentication login default local group tacacs+
What is the process of password checks when a login attempt is made to the device?
- A. A TACACS+ server is checked first. If that check fail, a database is checked
- B. A TACACS+ server is checked first. If that check fail, a RADIUS server is checked. If that check fail, a local database is checked
- C. A local database is checked first. If that fails, a TACACS+server is checked, if that check fails, a RADIUS server is checked
- D. A local database is checked first. If that check fails, a TACACS+server is checked
Explanation: The “aaa authentication login default local group tacacs+” command is broken down as follows:
+ The ‘aaa authentication’ part is simply saying we want to configure authentication settings.
+ The ‘login’ is stating that we want to prompt for a username/ password when a connection is made to the device.
+ The ‘default’ means we want to apply for all login connections (such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under tty, vty and aux lines. If we don’t use this keyword then we have to specify which line(s) we want to apply the authentication feature.
+ The ‘local group tacacs+” means all users are authenticated using router’s local database (the first method). If the credentials are not found on the local database, then the TACACS+ server is used (the second method).
More Questions: CCNP 350-401 Dumps