Home > AAA Questions

AAA Questions

September 4th, 2020 Go to comments

Question 1

Question 2

Question 3

Explanation

This command uses RADIUS which combines authentication and authorization in one function (packet).

Question 4

Question 5

Comments (5) Comments
  1. Anonymous
    September 6th, 2020

    Q5 correct should be A? anyone has an explanation?

  2. Anonymous
    September 7th, 2020

    Q5: aaa new-model may turn on AAA globally but it is not specific to CoA.
    I think A is correct, please advise.

  3. my_2_cents
    September 10th, 2020

    You can’t do A w/o B .
    Given that Cisco always like to play with their wording in their exams , I’d say B is the more appropriate answer here based on what the question asks , which is COMMAND to ENABLE AAA globally .
    Without it configured you can’t issue “aaa server radius dynamic-author” (which sets up the local AAA server for the dynamic authorization service). thanks

  4. Q2
    March 26th, 2021

    [spam_suspect][spam_point:2]Q2 correct answer is D

    @Admin, Please check

    https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/security/b-system-security-cr-ncs5500/802-1X-authentication-commands.pdf

    Router# show dot1x interface HundredGigE 0/0/1/0 detail
    Dot1x info for HundredGigE 0/0/1/0
    —————————————————————
    Interface short name : Hu0/0/1/0
    Interface handle : 0x4080
    Interface MAC : 021a.9eeb.6a59
    Ethertype : 888E
    PAE : Authenticator
    Dot1x Port Status : AUTHORIZED
    Dot1x Profile : test_prof
    L2 Transport : FALSE
    Authenticator:
    Port Control : Enabled
    Config Dependency : Resolved
    Eap profile : None
    ReAuth : Disabled
    Client List:
    Supplicant : 027E.15F2.CAE7
    Programming Status : Add Success
    Auth SM State : Authenticated
    Auth Bend SM State : Idle
    Last authen time : 2018 Dec 11 17:00:30.912

    Device# show dot1x all

    Sysauthcontrol Enabled
    Dot1x Protocol Version 2
    Dot1x Info for FastEthernet1
    ———————————–
    PAE = AUTHENTICATOR
    PortControl = AUTO
    ControlDirection = Both
    HostMode = MULTI_HOST
    ReAuthentication = Disabled
    QuietPeriod = 60
    ServerTimeout = 30
    SuppTimeout = 30
    ReAuthPeriod = 3600 (Locally configured)
    ReAuthMax = 2
    MaxReq = 2
    TxPeriod = 30
    RateLimitPeriod = 0
    Device-871#

  5. Q2
    April 1st, 2021

    Please ignore my previous comment, Q2 A is correct

Add a Comment