Implementing Cisco Application Centric Infrastructure (DCACI) — Question 132

A network administrator configures AAA inside the Cisco ACI fabric. The authentication goes through the local users if the TACACS+ server is not reachable. If the Cisco APIC is out of the cluster, the access must be granted through the fallback domain. Which configuration set meets these requirements?

Answer options

• A. Ping Check: True - Default Authentication Realm: Local Fallback Check: True
• B. Ping Check: True - Default Authentication Realm: TACACS+ Fallback Check: False
• C. Ping Check: False - Default Authentication Realm: Local Fallback Check: False
• D. Ping Check: False - Default Authentication Realm: TACACS+ Fallback Check: True

Correct answer: B

Explanation

The correct answer is B because it allows for authentication via TACACS+ while ensuring that the fallback check is disabled, which aligns with the requirement that local users should only be the backup if TACACS+ is unreachable. Options A and C incorrectly set the fallback check or the default authentication realm, while D fails to meet the requirement of allowing local users as a fallback when the APIC is out of the cluster.