350-401 · Question #53
The login method is configured on the VTY lines of a router with these parameters. - The first method for authentication is TACACS - If TACACS is unavailable, login is allowed without any provided cre
The correct answer is C. R1#sh run | include aaa aaa new-model aaa authentication login default group tacacs+ aaa session-id common R1#sh run | section vty line vty 0 4 password 7 02050D480809 R1#sh run | include username R1#. Option C is correct because it uses 'aaa authentication login default group tacacs+' which applies TACACS+ as the primary authentication method to all lines (including VTY) by default, and the VTY lines have a locally configured password (02050D480809). When TACACS+ is unavailabl
Question
The login method is configured on the VTY lines of a router with these parameters.
- The first method for authentication is TACACS
- If TACACS is unavailable, login is allowed without any provided
credentials Which configuration accomplishes this task? A. B. C. D.
Exhibits
Options
- AR1#sh run | include aaa aaa new-model aaa authentication login VTY group tacacs+ none aaa session-id common R1#sh run | section vty line vty 0 4 password 7 02050D480809 R1#sh run | include username R1#
- BR1#sh run | include aaa aaa new-model aaa authentication login default group tacacs+ aaa session-id common R1#sh run | section vty line vty 0 4 transport input none R1#
- CR1#sh run | include aaa aaa new-model aaa authentication login default group tacacs+ aaa session-id common R1#sh run | section vty line vty 0 4 password 7 02050D480809 R1#sh run | include username R1#
- DR1#sh run | include aaa aaa new-model aaa authentication login telnet group tacacs+ none aaa session-id common R1#sh run | section vty line vty 0 4 R1#sh run | include username R1#
How the community answered
(40 responses)- A8% (3)
- B18% (7)
- C70% (28)
- D5% (2)
Explanation
Option C is correct because it uses 'aaa authentication login default group tacacs+' which applies TACACS+ as the primary authentication method to all lines (including VTY) by default, and the VTY lines have a locally configured password (02050D480809). When TACACS+ is unavailable, IOS falls back to the line password as an implicit fallback - satisfying the 'login allowed without provided credentials' requirement since the line password acts as the fallback. The 'default' keyword ensures the method list applies to the VTY lines without needing an explicit 'login authentication' statement on the line.
Topics
Community Discussion
No community discussion yet for this question.







