Config Router

You are here: Home / Cisco / CCSP SECUR FAQ : Configuring RADIUS and TACACS+ on Cisco IOS Software

CCSP SECUR FAQ : Configuring RADIUS and TACACS+ on Cisco IOS Software

by

CCSP SECUR FAQ : Configuring RADIUS and TACACS+ on Cisco IOS Software

Q1. Which of the following is the command to specify the TACACS+ server on the access server?
A. tacacs-server host
B. tacacs host
C. server tacacs+
D. server host

Answer: A

Q2. Which is the default port that is reserved for TACACS?
A. UDP 49
B. TCP 49
C. UDP 1046
D. TCP 1046

Answer: B

Q3. Which of the following commands enables you to verify or troubleshoot a RADIUS configuration on a network access server?
A. show radius
B. debug radius
C. debug radius-server
D. verify radius

Answer: B

Q4. What is the significance of the tacacs-server key command?
A. It specifies an encryption key that will be used to encrypt all exchanges between the access server and the TACACS+ server.
B. It is used to specify a special text when the user logs in to the access server.
C. It is an optional configuration and not required in the TACACS+ configuration.
D. It uniquely identifies the TACACS+ server.

Answer: A

Q5. Which of the following commands identifies a RADIUS server in a RADIUS configuration?
A. radius-server host
B. radius-host
C. server radius+
D. server host

Answer: A

Q6. Which of the following are the basic steps that are required to configure RADIUS on Cisco IOS Software?
A. Enable AAA.
B. Create an access list.
C. Identify RADIUS server.
D. Define the method list using AAA authentication.

Answer: A, C, D

Q7. Which of the following commands deletes the RADIUS server with IP address 10.2.100.64 from a router configuration?
A. del radius-server host 10.2.100.64
B. remove radius-server host 10.2.100.64
C. no radius-server host 10.2.100.64
D. disable radius-server host 10.2.100.64

Answer: C

Q8. Which of the following is the default port used by RADIUS?
A. TCP 1685
B. UDP 1645
C. TCP 1645
D. UDP 1685

Answer: B

Q9. What is the command that specifies a TACACS server?

Answer: tacacs-server host

Q10. Give two commands to test and verify your RADIUS configuration?

Answer: debug radius, debug aaa authentication

Q11. What is the purpose of the tacacs-server key command?

Answer: The tacacs-server key command specifies the encryption key that will be used.

Q12. What is the purpose of the keyword local in the following configuration line?
aaa authentication ppp test1 tacacs local

Answer: Keyword local indicates that authentication is attempted using the local database on the router if the TACACS server returns an error.

Q13. Is it possible to change the default port used by RADIUS authentication?

Answer: Yes. The command radius-server host {hostname|ip address} {auth-port portnumber} can change the default port 1645.

Q14. What is the command to delete the RADIUS server configuration?

Answer: no radius-server host

Q15. What is the command to enable network-level authorization to use a TACACS+ server?

Answer: aaa authorization network tacacs

Q16. Which testing and verifying command used for TACACS+ produces a substantial amount of output?

Answer: debug tacacs events

Q17. What is the default port that is reserved for TACACS?

Answer: The default port reserved for TACACS is TCP 49.

Q18. Is it possible to have both RADIUS and TACACS configuration on a single router/NAS?

Answer: A single router can have both RADIUS and TACACS server configured.

More Resources