When configuring AAA login authentication on CISCO routers, which two authentication methods should be used as the final method to ensure that the administrator can still log in to the router in case the external AAA server fails?

When configuring AAA login authentication on CISCO routers, which two authentication methods should be used as the final method to ensure that the administrator can still log in to the router in case the external AAA server fails? (Choose two)

A.
krb5

B.
local

C.
enable

D.
group RADIUS

E.
group TACAS+

Explanation:
If you use the ” aaa authentication default group tacacs +” command, and don’t include
either “enable” or “local”, you are fine, as long as the AAA server never dies or goes
offline. In this config , there’s no backup authentication method. By adding either “local”
or “enable” after the ‘default group tacacs +”, you instruct the router to first try the AAA
server, and if unsuccessful, allow either the enable password (or secret) or a local
username/password to suffice.

Show Hint

← Previous question

Next question →