Which configuration accomplishes this task?

The login method is configured on the VTY lines of a router with these parameters.

– The first method for authentication is TACACS

– If TACACS is unavailable, login is allowed without any provided credentials

Which configuration accomplishes this task?
A . R1#sh run | include aaa
aaa new-model
aaa authentication login VTY group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
password 7 0202039485748
R1#sh run | include username
R1#
B . R1#sh run | include aaa
aaa new-model
aaa authentication login telnet group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
R1#sh run | include username
R1#
C . R1#sh run | include aaa
aaa new-model
aaa authentication login default group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
password 7 0202039485748
D . R1#sh run | include aaa
aaa new-model
aaa authentication login default group tacacs+
aaa session-id common
R1#sh run | section vty
line vty 0 4
transport input none
R1#

View Answer

Answer: C

Explanation:

According to the requirements (first use TACACS+, then allow login with no authentication), we have to use “aaa authentication login … group tacacs+ none” for AAA command.

The next thing to check is the if the “aaa authentication login default” or “aaa authentication login list-name” is used. The ‘default’ keyword means we want to apply for all login connections (such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under tty, vty and aux lines. If we don’t use this keyword then we have to specify which line(s) we want to apply the authentication feature.

From above information, we can find out answer ‘R1#sh run | include aaa aaa new-model

aaa authentication login default group tacacs+ none aaa session-id common

R1#sh run | section vty line vty 0 4

password 7 0202039485748

If you want to learn more about AAA configuration, please read our AAA TACACS+ and RADIUS Tutorial C Part 2.

For your information, answer ‘R1#sh run | include aaa aaa new-model

aaa authentication login telnet group tacacs+ none aaa session-id common

R1#sh run | section vty line vty 0 4

R1#sh run | include username

R1#’ would be correct if we add the following command under vty line (“line vty 0 4”): “login authentication telnet” (“telnet” is the name of the AAA list above)