Refer to the exhibit. An administrator configured a Cisco router for TACACS authentication, but the router is using the local enable password instead. Which action resolves the issue?
A. Configure the aaa authentication login default group admin local if-authenticated command instead.
B. Configure the aaa authentication login admin group tacacs+ local enable none command instead.
C. Configure the aaa authentication login admin group tacacs+ local if-authenticated command instead.
D. Configure the aaa authentication login admin group admin local enable command instead.
Well, first of all the question seems to be wrong.
We can see the admin method defined and the group is tacacs+, tacacs server is defined as well as a tacacs server-group.
By applying the aaa authentication login admin group tacacs+ local enable the device should use the defined tacacs server and successfully communicate, so based on the config there is no issue, I've tested it in LAB.
From the answers D is most logical, the others do not make sense, however the point is the question is wrong.
There may be multiple tacacs+ groups. This is the best I can think of. However yes the config in the exhibit is correct it will be using the tacacs server admin. But D explicitly defines using this server group named "admin", not all the tacacs+ groups. This is the best I can think of.
"A" is not reflecting the solution from here:
https://community.cisco.com/t5/network-access-control/problem-setting-7606-router-for-tacacs-authentication/td-p/2316903
"A" adds "if-authenticated", which is used with authorization method lists, and not for authentication.
"D" defines method list "admin" and uses it for "line vty" configuration, which is correct.
Some examples:
https://www.netprojnetworks.com/cisco-9800-tacacs-config-cli-and-verify-notes/
Please review the Cisco website in jarz's comment
but I vote for D
the tacacs+ group name is "admin", so it must be "group admin" not "group tacacs+"
so B and C are out
and the if-authenticated command is used for aaa authorization
so I choose D
I think it is D. The vty line is using the method "admin" and the method "admin" uses the TACACS+ group admin. In the original config, it used a wrong TACACS+ group name that is undefined. Then it doesn't have a local username or password I think. Therefore, causing authentication to refer to the enable password.
aaa authentication login default group admin local enable
https://community.cisco.com/t5/network-access-control/problem-setting-7606-router-for-tacacs-authentication/td-p/2316903
Oh, I see the comment below, in the Cisco community
---
Please replace the below listed command
aaa authentication login admin group tacacs+ local enable
with;
aaa authentication login default group admin local enable
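
An added example, not part of the original thread or of any Cisco tooling: a short Python check for the mismatches the comments above argue about (a login method list that names a server group other than the one defined, and a line that references a method list by name). The configuration in SAMPLE is constructed and is not the exhibit, which is not on this page; audit_aaa and its finding messages are hypothetical names.

```python
import re

BUILTIN_GROUPS = {"tacacs+", "radius"}  # "group tacacs+" / "group radius": all servers of that type

# Constructed sample (NOT the exhibit from the question, which is not on this page).
SAMPLE = """\
aaa new-model
aaa group server tacacs+ admin
 server name TAC1
aaa authentication login admin group tacacs+ local enable
aaa authentication login console group mgmt local
line con 0
 login authentication console
line vty 0 4
 login authentication vtyadmin
"""

def audit_aaa(config):
    """Cross-check login method lists, named server groups and line references."""
    server_groups, method_lists, line_refs = set(), {}, []
    current_line = None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # top-level command: track whether we are under "line ..."
            current_line = text if text.startswith("line ") else None
        if m := re.match(r"aaa group server (?:tacacs\+|radius) (\S+)", text):
            server_groups.add(m.group(1))
        elif m := re.match(r"aaa authentication login (\S+) (.+)", text):
            method_lists[m.group(1)] = m.group(2).split()
        elif (m := re.match(r"login authentication (\S+)", text)) and current_line:
            line_refs.append((current_line, m.group(1)))
    findings, used = [], set()
    for name, methods in method_lists.items():
        for keyword, group in zip(methods, methods[1:]):
            if keyword != "group":
                continue
            used.add(group)
            if group not in BUILTIN_GROUPS and group not in server_groups:
                findings.append(f"method list '{name}' references undefined server group '{group}'")
    for group in sorted(server_groups - used):
        findings.append(f"server group '{group}' is defined but no login method list uses it")
    for line, name in line_refs:
        if name != "default" and name not in method_lists:
            findings.append(f"{line}: login authentication '{name}' is not a defined method list")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE)))
```

The check only reports name mismatches in the text of the configuration; it does not say which method a given IOS release will fall back to at login time.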