350-401 · Question #1061
An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be applied?
The correct answer is A. aaa authentication exec default radius local. To configure router R1 for RADIUS authentication with a local user database fallback for user logins, the aaa authentication exec default radius local command must be applied.
Question
An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be applied?
Options
- Aaaa authentication exec default radius local
- Baaa authentication exec default radius
- Caaa authorization exec default radius local
- Daaa authorization exec default radius
How the community answered
(24 responses)- A75% (18)
- B17% (4)
- C4% (1)
- D4% (1)
Why each option
To configure router R1 for RADIUS authentication with a local user database fallback for user logins, the `aaa authentication exec default radius local` command must be applied.
The `aaa authentication exec default` command specifies the authentication method list for accessing the EXEC shell. `radius` is configured as the primary method, causing the router to attempt authentication against the RADIUS server first. `local` is the fallback method, ensuring that if the RADIUS server is unreachable, the router will then authenticate against its locally configured user database, fulfilling the requirement.
This command specifies RADIUS as the only authentication method and does not include a fallback mechanism to the local user database, meaning user logins would fail if the RADIUS server is unavailable.
This command configures `authorization`, which determines what a user can do after authentication, rather than `authentication`, which verifies the user's identity during login.
This command configures `authorization` instead of `authentication`, and it also lacks the necessary fallback to the local user database, making it incorrect for the stated requirement.
Concept tested: Cisco IOS AAA authentication fallback (local)
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-3s/sec-usr-aaa-xe-3s-book/sec-usr-aaa-methods.html
Topics
Community Discussion
No community discussion yet for this question.