AAA

Question 1

What are the 6 AAA Accounting types?

Answer 1

Network Accounting

Connection Accounting

EXEC Accounting

System Accounting

Command Accounting

Resource Accounting

Question 2

Which portion of AAA looks at what a user has access to?

Answer 2

authorization

Question 3

Which command creates a login authentication method named “login” that will primarily use RADIUS and fail over to the local user database?

Answer 3

aaa authentication radius local

eg:

aaa authentication login login radius loca

Question 4

Which AAA Authorization type includes PPP, SLIP, and ARAP connections?

Answer 4

network

Question 5

Which authentication service is needed to configure 802.1x?

Answer 5

RADIUS with EAP Extension

Question 6

username cisco password cisco
!
aaa new-model
!
radius-server host 10.1.1.50 auth-port 1812 key C1sc0123
aaa authentication login default group radius local line
aaa authentication login NO_AUTH none
!
line vty 0 15
login authentication default
password linepass
line console 0
login authentication NO_AUTH
!
Which login credentials are required when connecting to the console port in this output?

Answer 6

none required

Question 7

sername cisco password cisco
!
aaa new-model
!
radius-server host 10.1.1.50 auth-port 1812 key C1sc0123
aaa authentication login default group radius local line
aaa authentication loging NO_AUTH none
!
line vty 0 15
login authentication default
password linepass
line console 0
login authentication NO_AUTH

When a network administrator is attempting an SSH connection to the device, in which order does the device check the login credentials?

Answer 7

RADIUS server, local username, line password

Question 8

What does AAA stand for?

Answer 8

Authentication, Authorization, Accounting

Question 9

What is *Authentication*?

Answer 9

Authentication verifies the credentials of the client.

Question 10

What is *Authorization*?

Answer 10

Authorization determines the privileges of authenticated clients.

Question 11

What is *Accounting*?

Answer 11

Accounting is a gathering of statistics and is typically a separate process aside from Authentication/Authorization.

Question 12

What is *TACACS+*?

Answer 12

TACACS+ is a Cisco Proprietary protocol that enables AAA. Uses TCP port 49 for communication.

Question 13

What is *RADIUS*?

Answer 13

RADIUS is an IETF Standard protocol that enables AAA. Uses UDP port 1812 and 1813.

Question 14

What is local privilege authorization fallback?

Answer 14

Generally, when setting up AAA authentication, you can also set up backup protocols in case the primary fails. In this scenario, you will want to enable local as your backup.

Question 15

What configuration command enables AAA?

Answer 15

Sw1(config)# aaa new-model
Sw1(config)# aaa authentication login default group <radius></radius>

Question 16

What configuration command sets up tacacs/radius?

Answer 16

Sw1(config)# tacacs-server host <ip-addr> key <key><br></br>Sw1(config)# radius-server host <ip-addr> key <key></key></ip-addr></key></ip-addr>

Question 17

What configuration commands sets up dot1x aaa authentication with radius?

Answer 17

• Sw1(config)# dot1x system-auth-control (enables dot1x globally)
• Sw1(config)# aaa new-model
• Sw1(config)# aaa authentication dot1x default group radius
• Sw1(config-if)# switchport mode access (switchport must be access)
• Sw1(config-if)# dot1x port-control <auto></auto>

Question 18

What configuration command sets up a local fallback for AAA Authentication?

Answer 18

Sw1(config)# aaa authentication login default group <radius> *local*</radius>