aaa new-model
Enables authentication, authorization, and accounting (AAA) globally.
aaa server radius dynamic-author
Sets up the local AAA server for the dynamic authorization service, which must be enabled to support the CoA functionality to push the policy map in an input and output direction, and enters dynamic authorization local server configuration mode.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html
The question is "Which Cisco command enables authentication, authorization, and accounting globally" - the rest is irrelevant here. With that being the case, the only correct answer is C. Once AAA is enabled globally, THEN you would use the command "aaa server radius dynamic-author" to enable CoA
To enable AAA, you need to configure the 'aaa new-model' command in global configuration mode. Until this command is enabled, ALL OTHER AAA commands are hidden.
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
It's C. you cannot enable anything without first issuing "aaa new-model". So all AAA commands are not available befor you add "aaa new-model" therefor the answer is C
Guys,
you need reverse logic here.
> if you issue an "aaa new-model" you dont have CoA support as is disabled by default on all devices.
> if you issue "aaa server radius dynamic-author" this will activate CoA globally (assuming that aaa new-model is already there)
... and says "so that CoA >>IS<< supported..."
so the command activated CoA.
If the Q wording was different i.e.
"... so that to be able to support CoA..." , then the right answer would be C "aaa new-model" (but not with the above wording, which makes A the correct answer).
aaa new-model
Enables authentication, authorization, and accounting (AAA) globally
I think the aaa server radius dynamic-author command has to be enabled globally to support the CoA
A is correct answer don't be fooled:
Proof:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-xe-3se-3850-cr-book/sec-a1-xe-3se-3850-cr-book_chapter_01.html#wp4234596077
aaa new-model:
To enable the authentication, authorization, and accounting (AAA) access control model, issue the aaa new-model command in global configuration mode. To disable the AAA access control model, use the no form of this command.
aaa server radius dynamic-author:
( to facilitate interaction with an external policy server)
To configure a device as an authentication, authorization, and accounting (AAA) server to facilitate interaction with an external policy server, use the aaa server radius dynamic-authorcommand in global configuration mode. To remove this configuration, use the no form of this command.
It's C. Cisco states that Step 3: aaa new-model "Enables authentication, authorization, and accounting (AAA) globally."
This command goes before Step 4: aaa server radius dynamic-author, which "Enters dynamic authorization local server configuration mode and specifies a RADIUS client from which a device accepts Change of Authorization (CoA) and disconnect requests. Configures the device as a AAA server to facilitate interaction with an external policy server."
So the command aaa new-model is needed BEFORE aaa server radius dynamic-author, in order for it to function. Answer is C.
Source: Cisco RADIUS Change of Authorization paper - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-16-10/sec-usr-aaa-xe-16-10-book/sec-rad-coa.pdf
So both commands, "aaa new-model" and "aaa server radius dynamic-author," can be used to enable CoA on a Cisco device, but they serve different purposes. The "aaa new-model" command is used to enable AAA globally on the device, while the "aaa server radius dynamic-author" command is used to configure a RADIUS server for dynamic authorization.
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ampersand
Highly Voted 4 years, 1 month agosem_jeka
Most Recent 7 months, 1 week agoRockbo47
8 months, 2 weeks agoTthurston1
9 months, 2 weeks agoKorndal
9 months, 3 weeks agoXvidalX
1 year, 1 month agoxziomal9
1 year, 5 months agojpapas
1 year, 9 months agojpapas
1 year, 9 months agocyberwhizzy0
1 year, 9 months agoLeogxn
1 year, 9 months agojku2cya
1 year, 9 months agoJessie45785
1 year, 11 months agoYooAndI
1 year, 12 months agostalkr3
2 years agoJessie45785
2 years agoTuxzinator
2 years, 2 months agoEmlia1
2 years, 4 months ago