Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) — Question 269

The network administrator must configure R1 to authenticate Telnet connections based on Cisco ISE using RADIUS. ISE has been configured with an IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.
The administrator has configured this on R1:

aaa new-model
!
radius server ISE1
address ipv4 192.168.1.5
key Cisco123
!
aaa group server tacacs+ RAD-SERV
server name ISE1
!
aaa authentication login default group RAD-SERV

The network administrator cannot authenticate to access R1 based on ISE. Which set of configurations fixes the issue?

Answer options

• A. line vty 0 4 login authentication RAD-SERV
• B. aaa group server tacacs+ ISE1 server name RAD-SERV
• C. aaa group server radius RAD-SERV server name ISE1
• D. line vty 0 4 login authentication default

Correct answer: C

Explanation

The correct answer is C because it correctly defines a RADIUS server group named RAD-SERV and associates it with the ISE server. Options A and D do not reference the proper server group, which is essential for authentication. Option B incorrectly uses tacacs+ instead of radius, which is not applicable in this scenario.