Chapter 7 - AAA and ACS Server Flashcards Preview

Cisco CCNA Security (640-554) > Chapter 7 - AAA and ACS Server > Flashcards

Flashcards in Chapter 7 - AAA and ACS Server Deck (8):

What does TACACS+ stand for?

Terminal Access Control Access Control Server


What does RADIUS stand for?

Remote Authentication Dial-In User Service


What are some key differences between the way TACACS+ and RADIUS operate in regard to AAA?

  • TACACS separates all AAA functions into different elements. Radius combines authentication and authorization together.
  • TACACS is Cisco proprietary, RADIUS is an open standard
  • TACACS operates over Layer 4 via TCP, RADIUS uses UDP
  • TACACS encrypts all packets between the ACS server and  router. RADIUS only encrypts passwords.
  • TACACS has granular control over command authorization (which commands can be executed). RADIUS does not.
  • TACACS has basic accounting support, RADIUS has more extensive accounting capability.


When setting up AAA via an ACS server, what step should you always to do avoid getting locked out of a router?

Be sure to always configure a local user in case the ACS server becomes unreachable or is not yet configured.

(config)# username admin privilege 15 secret cisco


What command would tell a router to check an ACS server for authentication before trying the local database?

(config)# aaa authentication login AUTH_via_tacacs group tacacs+ local

  • (AUTH_via_tacacs is the method list name)
  • "group" indicates that authentication will try tacacs first, then the local database.


What command configures a router to authentication / authorize with an ACS server?

(config)# tacacs-server host key password123


What is the maximum amount of ways a user can be authenticated using method list?



What command must be issued on a router before any ACS functions can be used?

(confg)# aaa new-model