Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
To enable authentication, authorization, and accounting (AAA) globally on a Cisco device, the command 'aaa new-model' must be used. This command is essential as it provides the foundational framework for AAA functionalities, including the support for Change of Authorization (CoA). Without this command, other AAA-related commands, such as configuring specific RADIUS server settings, cannot be executed. Therefore, to enable AAA globally and ensure that CoA can be supported, the correct command is 'aaa new-model'.
aaa new-model Enables authentication, authorization, and accounting (AAA) globally. aaa server radius dynamic-author Sets up the local AAA server for the dynamic authorization service, which must be enabled to support the CoA functionality to push the policy map in an input and output direction, and enters dynamic authorization local server configuration mode. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html
Guys, you need reverse logic here. > if you issue an "aaa new-model" you dont have CoA support as is disabled by default on all devices. > if you issue "aaa server radius dynamic-author" this will activate CoA globally (assuming that aaa new-model is already there)
... and says "so that CoA >>IS<< supported..." so the command activated CoA. If the Q wording was different i.e. "... so that to be able to support CoA..." , then the right answer would be C "aaa new-model" (but not with the above wording, which makes A the correct answer).
Tried now You cant use the command "aaa server radius dynamic-author" without using "aaa new model" first. Suggesting that You have to first issue aaa new model to allow AAA globally on the switch so the COA is supported (so that You can put in the server command and anything else)
aaa new-model Enables authentication, authorization, and accounting (AAA) globally I think the aaa server radius dynamic-author command has to be enabled globally to support the CoA
Exactly what Ampersand and Jessie45785 said
A is correct answer don't be fooled: Proof: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-xe-3se-3850-cr-book/sec-a1-xe-3se-3850-cr-book_chapter_01.html#wp4234596077 aaa new-model: To enable the authentication, authorization, and accounting (AAA) access control model, issue the aaa new-model command in global configuration mode. To disable the AAA access control model, use the no form of this command. aaa server radius dynamic-author: ( to facilitate interaction with an external policy server) To configure a device as an authentication, authorization, and accounting (AAA) server to facilitate interaction with an external policy server, use the aaa server radius dynamic-authorcommand in global configuration mode. To remove this configuration, use the no form of this command.
So both commands, "aaa new-model" and "aaa server radius dynamic-author," can be used to enable CoA on a Cisco device, but they serve different purposes. The "aaa new-model" command is used to enable AAA globally on the device, while the "aaa server radius dynamic-author" command is used to configure a RADIUS server for dynamic authorization.
I prefer C
AAA new-model https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html#GUID-D996C01F-5F53-4B48-87E3-4820DB15C02A
To enable AAA, you need to configure the 'aaa new-model' command in global configuration mode. Until this command is enabled, ALL OTHER AAA commands are hidden. https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
It's C. you cannot enable anything without first issuing "aaa new-model". So all AAA commands are not available befor you add "aaa new-model" therefor the answer is C
simple.. dynamic author enables COA , aaa new model permits COA to be enabled.. C ir the correct.
Answer C
Step 3 aaa new-model Example: Device(config)# aaa new-model Enables authentication, authorization, and accounting (AAA) globally. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html
It's C. Cisco states that Step 3: aaa new-model "Enables authentication, authorization, and accounting (AAA) globally." This command goes before Step 4: aaa server radius dynamic-author, which "Enters dynamic authorization local server configuration mode and specifies a RADIUS client from which a device accepts Change of Authorization (CoA) and disconnect requests. Configures the device as a AAA server to facilitate interaction with an external policy server." So the command aaa new-model is needed BEFORE aaa server radius dynamic-author, in order for it to function. Answer is C. Source: Cisco RADIUS Change of Authorization paper - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-16-10/sec-usr-aaa-xe-16-10-book/sec-rad-coa.pdf
aaa server radius dynamic-author does not enable aaa globally. Therefore C
definitely C