Exam 200-301 topic 1 question 677 discussion

I could be wrong but... A.Only password no local username B."aaa auth login default radius" doesn't work in Packet Tracer, "aaa auth login default group radius" works. C."no login local" is the opposite of what we want. D.The only downside i see with this is that i think you need to implement on each device separately, but since there was a security breach and a Radius failure, i think we are stuck with this option anyway? So D?

Why would I need to run "aaa new-model" if the scenario indicated RADIUS was already present? D

D alone is not enough. error: Router(config-line)#login authentication default AAA: Warning authentication list default is not defined for LOGIN The following commands are required aaa authentication login default local

D is the only correct one

We cannot authenticate with a Radius server without enabling aaa using "aaa new-model" command. We also need to configure the default aaa list using the command "aaa authentication login default group radius local" to allow authentication through the local database in case the radius server goes down. Given the current scenario, I assume that the questioner has already accounted for the previous requirements and we are asked to answer going forward.

The login authentication default doesn't work without the aaa configuration (so D is wrong) The username by itslef does nothing (so C is wrong) The aaa new-model without additional configuration is like C option (so A is wrong)

To secure the console port of each enterprise router with a local username and password, the correct configuration would be: C. username localuser secret plaintextpassword line con 0 login local This configuration involves creating a local username ("localuser") with a secret password ("plaintextpassword") and then applying local authentication to the console line (line con 0). The "login local" command specifies that local authentication should be used. Option D is close but includes unnecessary elements. The correct command for local authentication is simply "login local." Option A and B involve unnecessary or incorrect configurations for the specified task.

D Here's the breakdown of why this option is correct: "username localuser secret plaintextpassword": This command configures a local username (localuser) with a password (plaintextpassword). "line con 0": This command specifies that you are configuring the console (console port 0). "login authentication default": This command instructs the router to use the default authentication method for console login. In this case, it will use the local username and password created earlier (localuser and plaintextpassword). "privilege level 15": This command sets the privilege level to 15, which grants full administrative access to the console.

Again...a question that has nothing to do with CCNA 200-301...

Need create new authentication group for console. aaa authentication login CONSOLE local After map it to console line line console 0 login authentication CONSOLE

aaa new-model line con 0 password plaintextpassword privilege level 15

A is incorrect because it does not specify a username which is required by the question. C is obviously incorrect too. D is actually incorrect as well, because "login authentication default" only works when AAA has been enabled ("aaa new-model"). I tried configuring D in PT and was not able to Telnet. Although in B, "aaa auth login default radius" is not a valid command, when I configured B in PT I was still able to Telnet, so it only needs the other commands in the sequence to be valid in order to work. B is the answer.

Login local command would be used only if aaa new model is disabled, but when aaa new model is enabled you should use "login authentication default" which is enabled by default when aaa new model is enabled.

D is the correct answer