350-401 · Question #970
A network engineer wants to configure console access to a router without using AAA so that the privileged exec mode is entered directly after a user provides the correct login credentials. Which actio
The correct answer is D. Configure a local username with privilege level 15.. To provide direct privileged EXEC mode access via the console without AAA, a local username configured with privilege level 15 should be created and used for login.
Question
A network engineer wants to configure console access to a router without using AAA so that the privileged exec mode is entered directly after a user provides the correct login credentials. Which action achieves this goal?
Options
- AConfigure a RADIUS or TACACS+ server and use it to send the privilege level.
- BConfigure login authentication privileged on line con 0.
- CConfigure privilege level 15 on line con 0.
- DConfigure a local username with privilege level 15.
How the community answered
(30 responses)- A10% (3)
- B17% (5)
- C3% (1)
- D70% (21)
Why each option
To provide direct privileged EXEC mode access via the console without AAA, a local username configured with privilege level 15 should be created and used for login.
The question explicitly states "without using AAA"; RADIUS and TACACS+ are both AAA services, making this option incorrect.
The command `login authentication privileged` is not a standard Cisco IOS command for local authentication on a line; `login local` or `login` is used.
Configuring `privilege level 15` under `line con 0` only sets the *default* privilege level for users logging in via that line, but it does not inherently grant direct privileged EXEC mode access after a simple login without a local username configured with that specific privilege and `login local` configured.
By configuring a local username with `privilege 15` and then using the `login local` command on the console line, a user who authenticates with those credentials will immediately be placed into privileged EXEC mode (level 15) upon successful login, bypassing the need for a separate `enable` password or command.
Concept tested: Cisco IOS local authentication privilege levels
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_authen/configuration/xe-3s/sec-usr-authen-xe-3s-book/sec-usr-authen-cfg.html
Topics
Community Discussion
No community discussion yet for this question.