Refer to the exhibit. A network administrator issues the show run | section username|aaa|line|radius command to verify an AAA configuration on a Cisco router. Which two conclusions can be drawn from the command output? (Choose two.)

IT Questions BankCategory: CCNPRefer to the exhibit. A network administrator issues the show run | section username|aaa|line|radius command to verify an AAA configuration on a Cisco router. Which two conclusions can be drawn from the command output? (Choose two.)

Refer to the exhibit. A network administrator issues the show run | section username|aaa|line|radius command to verify an AAA configuration on a Cisco router. Which two conclusions can be drawn from the command output? (Choose two.)

  • The router must use Cisco default ports for authentication and accounting to connect to a RADIUS server.
  • Authentication for the vty lines is using the default authentication method.
  • Authentication for the console line will use local authentication as a fallback method if the RADIUS server is not available.
  • A missing ip radius source-interface command on RADIUS server settings may prevent the router from using the services of the server.
  • The Cisco router can use the radiuspassword pre-shared key to connect to a RADIUS server.

Explanation: The conclusions that can be drawn from the command output are:
According to the aaa authentication login VTY_ACCESS group RADIUSMETHOD local command the first method to be used is the group of servers in the RADIUSMETHOD group.
According to the aaa authentication login CONSOLE_ACCESS group RADIUSMETHOD local command, the first method to be used is the group of servers in the RADIUSMETHOD group, and the second method to be used if the servers are not available is the local username and password database.
RADIUS server is using ports 1812 and 1813 for authentication and accounting, so the port numbers on the Cisco router should be the same, not the Cisco default ports (1645 and 1646).
The router needs to be configured with the same pre-shared key for the RADIUS server, RADIUSPASSWORD .
When a router sources packets, it uses the exit interface as the source of the packet. If the exit interface is not configured with the IP address that the AAA server is expecting, the client cannot use the AAA server and the services it provides. It is recommended that the IP address of a loopback interface be used for the source of packets and as the client IP address that is configured on the AAA server. Therefore, the router should be configured with the ip radius source-interface [ loopback ] [ number ].

Exam with this question: CCNP ENARSI v8 Certification Practice Exam
Exam with this question: CCNP ENARSI 8 Course Final Exam Answers

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments