Implementing Cisco Application Centric Infrastructure (DCACI) — Question 300

A Cisco ACI fabric is configured with these objects:
• login domain named Domain_1
• TACACS+ provider group named Tacacs_ProvGro
• TACACS+ server IP 10.43.145.1

Which action set allows users to log in to Cisco APIC using TACACS user credentials without setting the domain to Domain_1 for each login?

Answer options

• A. Add IP 10.43.145.1 under Tacacs_ProvGro. Associate Tacacs_ProvGro to Domain_1. Set realm to TACACS+ under default AAA authentication.
• B. Add IP 10.43.145.1 under default AAA authentication. Associate Tacacs_ProvGro to Domain_1. Set realm to local under Tacacs_ProvGro.
• C. Add IP 10.43.145.1 under Tacacs_ProvGro. Associate Tacacs_ProvGro to default AAA authentication. Set realm to TACACS+ under default AAA authentication.
• D. Add IP 10.43.145.1 under Domain_1. Associate Tacacs_ProvGro to Domain_1. Set realm to local under default AAA authentication.

Correct answer: C

Explanation

Option C is correct because it associates the TACACS+ provider group with the default AAA authentication, allowing users to authenticate using TACACS credentials without needing to specify the domain each time. The other options either incorrectly link the IP address or set the authentication realm in a way that does not support TACACS+ effectively.