Chapter 7 - AAA and ACS Server Flashcards Preview

Cisco CCNA Security (640-554) > Chapter 7 - AAA and ACS Server > Flashcards

Flashcards in Chapter 7 - AAA and ACS Server Deck (8):
1

What does TACACS+ stand for?

Terminal Access Control Access Control Server

2

What does RADIUS stand for?

Remote Authentication Dial-In User Service

3

What are some key differences between the way TACACS+ and RADIUS operate in regard to AAA?

  • TACACS+ separates all AAA functions into different elements. RADIUS combines authentication and authorization together.
  • TACACS+ is Cisco proprietary, RADIUS is an open standard.
  • TACACS+ operates over Layer 4 via TCP, RADIUS uses UDP.
  • TACACS+ encrypts all packets between the ACS server and router. RADIUS only encrypts passwords.
  • TACACS+ has granular control over command authorization (which commands can be executed). RADIUS does not.
  • TACACS+ has basic accounting support, RADIUS has more extensive accounting capability.

4

When setting up AAA via an ACS server, what step should you always take to avoid getting locked out of a router?

Be sure to always configure a local user in case the ACS server becomes unreachable or is not yet configured.

(config)# username admin privilege 15 secret cisco

5

What command would tell a router to check an ACS server for authentication before trying the local database?

(config)# aaa authentication login AUTH_via_tacacs group tacacs+ local

  • (AUTH_via_tacacs is the method list name)
  • "group" indicates that authentication will try TACACS+ first, then the local database.

6

What command configures a router to authenticate / authorize with an ACS server?

(config)# tacacs-server host 192.168.1.251 key password123

7

What is the maximum number of ways a user can be authenticated using a method list?

Four

8

What command must be issued on a router before any ACS functions can be used?

(config)# aaa new-model