AAA Questions
September 4th, 2020
Go to comments
Question 1
Question 2
Question 3
Explanation
This command uses RADIUS which combines authentication and authorization in one function (packet).
Question 4
Question 5
Q5 correct should be A? anyone has an explanation?
Q5: aaa new-model may turn on AAA globally but it is not specific to CoA.
I think A is correct, please advise.
You can’t do A w/o B .
Given that Cisco always like to play with their wording in their exams , I’d say B is the more appropriate answer here based on what the question asks , which is COMMAND to ENABLE AAA globally .
Without it configured you can’t issue “aaa server radius dynamic-author” (which sets up the local AAA server for the dynamic authorization service). thanks
[spam_suspect][spam_point:2]Q2 correct answer is D
@Admin, Please check
https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/security/b-system-security-cr-ncs5500/802-1X-authentication-commands.pdf
Router# show dot1x interface HundredGigE 0/0/1/0 detail
Dot1x info for HundredGigE 0/0/1/0
—————————————————————
Interface short name : Hu0/0/1/0
Interface handle : 0x4080
Interface MAC : 021a.9eeb.6a59
Ethertype : 888E
PAE : Authenticator
Dot1x Port Status : AUTHORIZED
Dot1x Profile : test_prof
L2 Transport : FALSE
Authenticator:
Port Control : Enabled
Config Dependency : Resolved
Eap profile : None
ReAuth : Disabled
Client List:
Supplicant : 027E.15F2.CAE7
Programming Status : Add Success
Auth SM State : Authenticated
Auth Bend SM State : Idle
Last authen time : 2018 Dec 11 17:00:30.912
Device# show dot1x all
Sysauthcontrol Enabled
Dot1x Protocol Version 2
Dot1x Info for FastEthernet1
———————————–
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = MULTI_HOST
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
Device-871#
Please ignore my previous comment, Q2 A is correct