Refer to the exhibit. A network administrator successfully logs in to a switch using SSH from a RADIUS server. When the network administrator uses a console port to access the switch, the RADIUS server returns shell:priv-lvl=15" and the switch asks to enter the enable command. When the command is entered, it gets rejected.
Which command set is used to troubleshoot and resolve this issue?
The configuration in the exhibit shows that the switch uses RADIUS servers for AAA (authentication, authorization, and accounting) services. The network administrator can access the switch through SSH, but when using the console port, the switch asks for the enable command, which gets rejected even after successful login. This suggests a problem with the authorization settings for the console port. To resolve this issue, you need to configure the switch to authorize the network administrator properly when accessing through the console port. The provided options include various configurations of the 'aaa authorization' commands. The option with the command set 'aaa authorization console authorization exec' under the console line configuration and 'transport input ssh' under the vty line configuration is the appropriate choice. This setup ensures that users logging in via the console port are properly authorized at the exec level, aligning with the implied requirement that the administrator should have privileged access. Therefore, this command set addresses both the authorization for the console and maintaining the same SSH configuration for remote access.
"aaa authorization console" is a global command, so we won't apply it under the line configuration. "authorization exec" is only a partial command combiened with an authorization list (global). D is closest.
We need to enable aaa auth console and auth exec for console and D has them. I do not understand why the vty conf is repeated in D but is the only answer that resolves the issue.
Which command set is used to troubleshoot and resolve this issue? The issue is that the user cannot start an exec level session on the switch the command to allow that is: aaa authorization exec default group <group-name> (RADIUS-SERVERS) this command is already configured in the picture provided, so now configure it on the line con 0 with: (c-line) authorization exec default Option D is the only answer that resembles that command
Almost sure it is D, but the command is a bit broken, D: "line con 0 aaa authorization console authorization exec ! line vty 0 4 transport input ssh " It needs to be: 1. globally enable authorization on console: aaa authorization console 2. move to line console 0: line con 0 3. Set the group to be used for authorization (note default is missing in the answer): authorization exec default 4. Go to line vty 0 4 (will set the same twice on next step): line vty 0 4 5. setting transport again to ssh: transport input ssh Note that "console authentication == DISABLED by default": more info https://flylib.com/books/en/1.233.1.74/1/ So concluding, answer is bad quality, but D seems best of them.
option D: https://itexamanswers.net/question/refer-to-the-exhibit-a-network-administrator-successfully-logs-in-to-a-switch-using-ssh-from-a-radius-server-when-the-network-administrator-uses-a-console-port-to-access-the-switch-the-radius-server
D is correct
I actually prefer B. SSH has no problem login, so the authorisation for vty must work. B has vty authorisation exec which is the default authorisation rule, and console authentication should work already, so just need to enable aaa authorisation console, and line console 0 thus can be empty configured
can anyone explain this?
I think the ans is B
I had to Lab this to understand it. Of the answers provided, none are correct! aaa commands aren't supported directly on the lines and that for this scenario to work the Global Command aaa authorization console needed to be added to the configuration!
300-410 ENARSI have many confuse question for me .... oh my god