Cisco Implementing Cisco Data Center Core Technologies (350-601 DCCOR) 350-601 Question # 48 Topic 5 Discussion
Question #: 48
Topic #: 5
The Cisco TACACS+ on a Cisco Nexus Series Switch must authenticate any user attempting to access the device and fail over to the local account if the TACACS+ server becomes unavailable. Which command accomplishes these goals?
A. aaa authentication login default fallback error local
Option B is correct because on Cisco Nexus NX-OS, the command aaa authentication login default group <server-group> local creates the default login authentication method list and tells the switch to try the named AAA server group first, then fall back to the local user database if the AAA servers are unreachable or do not respond. Cisco's NX-OS AAA documentation states that the default login method list is used for user logins, and that the group keyword points authentication to a configured TACACS+ or RADIUS server group. It also notes that local authentication is the fallback method unless that behavior is explicitly disabled. (Cisco)
The key reason the answer is B is the syntax: group ISE local means “authenticate with the TACACS+ server group named ISE first, then use local if the server is unavailable.” Option C uses only local authentication, so it does not use TACACS+ at all. Option D applies to console login configuration and is not the correct default user-login command. Option A is incorrect syntax for enabling this behavior; Cisco documents fallback error local as a behavior that is already present by default and can be disabled with the no form. (Cisco)
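A check for the behaviour explained above, as an added example that is not part of the original page or Cisco's tooling: it audits a saved running-config for the default login method list, the TACACS+ server group it references, and the no form that disables local fallback. The sample configs, the 192.0.2.10 address and the function name audit_login_aaa are constructed for illustration, and the expected line forms are the ones this page describes.

```python
import re

# Constructed NX-OS running-config fragments for illustration (not from a real device).
GOOD = """\
feature tacacs+
tacacs-server host 192.0.2.10
aaa group server tacacs+ ISE
    server 192.0.2.10
aaa authentication login default group ISE local
"""
NO_FALLBACK = GOOD + "no aaa authentication login default fallback error local\n"
LOCAL_ONLY = "aaa authentication login default local\n"
MISSING_GROUP = "feature tacacs+\naaa authentication login default group ISE local\n"
PREFIX = "aaa authentication login default "

def audit_login_aaa(config: str) -> list[str]:
    """Return findings for the default login method list; an empty list means it passes."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # TACACS+ server groups defined in this config.
    groups = {m.group(1) for ln in lines
              if (m := re.fullmatch(r"aaa group server tacacs\+ (\S+)", ln))}
    # The method-list line itself, skipping the separate "fallback error local" line.
    method = next((ln for ln in lines
                   if ln.startswith(PREFIX) and "fallback" not in ln), None)
    if method is None:
        return ["no default login method list configured"]
    findings = []
    tokens = method[len(PREFIX):].split()
    if tokens[0] != "group":
        findings.append("TACACS+ is not used: method list does not start with 'group'")
    else:
        for name in tokens[1:]:
            if name not in ("local", "none") and name not in groups:
                findings.append(f"server group '{name}' is referenced but not defined")
        if tokens[-1] != "local":
            findings.append("'local' is not listed after the server group")
    if "no " + PREFIX + "fallback error local" in lines:
        findings.append("local fallback on server error has been disabled")
    return findings

if __name__ == "__main__":
    for label, cfg in [("good", GOOD), ("no fallback", NO_FALLBACK),
                       ("local only", LOCAL_ONLY), ("missing group", MISSING_GROUP)]:
        print(f"{label}: {audit_login_aaa(cfg) or 'OK'}")
```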