350-401 · Question #1055
Refer to the exhibit. A network engineer must permit administrators to automatically authenticate if there is no response from either of the AAA servers. Which configuration achieves these results?
The correct answer is D. aaa authentication login default group radius none. To permit administrators to automatically authenticate if RADIUS servers are unresponsive, the aaa authentication login default group radius none command configures RADIUS as the primary method and none as the fallback.
Question
Refer to the exhibit. A network engineer must permit administrators to automatically authenticate if there is no response from either of the AAA servers. Which configuration achieves these results?
Exhibits
Options
- Aaaa authentication enable default group radius local
- Baaa authentication login default group radius
- Caaa authentication login default group tacacs+ line
- Daaa authentication login default group radius none
How the community answered
(24 responses)- A4% (1)
- B8% (2)
- C8% (2)
- D79% (19)
Why each option
To permit administrators to automatically authenticate if RADIUS servers are unresponsive, the `aaa authentication login default group radius none` command configures RADIUS as the primary method and `none` as the fallback.
This command configures `enable` mode authentication, not user login, and `local` would require local credentials rather than allowing automatic authentication upon server failure.
This command specifies RADIUS as the primary method but does not include any explicit fallback mechanism for when RADIUS servers are unavailable, which would deny access instead of allowing it.
This command specifies TACACS+ for authentication, not RADIUS, and `line` authentication would require the line password, which does not meet the requirement for automatic authentication fallback.
The `group radius` keyword specifies to use RADIUS servers for authentication. The `none` keyword provides a fallback mechanism where authentication is bypassed entirely if the RADIUS servers are unreachable, thereby allowing automatic access as required.
Concept tested: Cisco IOS AAA authentication fallback (none)
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-3s/sec-usr-aaa-xe-3s-book/sec-usr-aaa-methods.html
Topics
Community Discussion
No community discussion yet for this question.

