Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) — Question 244

The network administrator configured R1 to authenticate Telnet connections based on Cisco ISE using TACACS+. ISE has been configured with an IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.

The administrator has configured this on R1:

aaa new-model
!
tacacs server ISE1
address ipv4 192.168.1.5
key Cisco123
!
aaa group server tacacs+ TAC-SERV
server name ISE1
!
aaa authentication login telnet group TAC-SERV

The network administrator cannot authenticate to R1 based on ISE. Which configuration fixes the issue?

Answer options

• A. line vty 0 4 login authentication TAC-SERV
• B. tacacs-server host 192.168.1.5 key Cisco123
• C. ip tacacs-server host 192.168.1.5 key Cisco123
• D. line vty 0 4 login authentication telnet

Correct answer: D

Explanation

The correct answer is D because it specifies the login authentication method for the VTY lines, allowing Telnet connections to authenticate using the defined group. Options A, B, and C do not address the VTY line configuration necessary for Telnet access, which is crucial for establishing a successful authentication mechanism.