Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 184
A network engineer has recently configured a remote branch router to authenticate to a centralized Cisco ISE server behind the corporate firewall using TACACS+. After making this configuration change, the engineer opened another SSH session to the router in order to verify that login attempts are now being sent to Cisco ISE; however, that login attempt was unsuccessful. There are no connection attempts showing in the TACACS live log in Cisco ISE, and the firewall administrator has verified that they see syslog and SNMP traffic destined for the IP address of Cisco ISE, but no TACACS+ traffic. Which misconfiguration is the cause of the failed login?
Answer options
- A. The router is missing a route to the Cisco ISE server.
- B. The tacacs source-interface command on the router references the wrong interface.
- C. No hosts have been defined under the aaa server group on the router.
- D. The shared secret entered on the router for the Cisco ISE server is incorrect.
Correct answer: C
Explanation
The correct answer is C: if no hosts are defined in the aaa server group on the router, the router does not know where to send the TACACS+ authentication requests. Option A is incorrect because the presence of syslog and SNMP traffic indicates routing is not an issue. Option B would affect the source interface but not the ability to send requests, and Option D would result in a different error message related to authentication failure rather than no attempts being logged.
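The condition in answer C can be checked offline against a saved running-config. The script below is an added example, not part of the original question or any Cisco tooling. It flags TACACS+ server groups that contain no hosts and notes whether a login method list depends on them. The sample configuration, the group and server names, and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config; names and addresses are illustrative.
SAMPLE_CONFIG = """\
aaa new-model
tacacs server ISE-1
 address ipv4 192.0.2.10
aaa group server tacacs+ ISE-GROUP
 ip tacacs source-interface Loopback0
aaa group server tacacs+ LAB-GROUP
 server name ISE-1
aaa authentication login default group ISE-GROUP local
"""

def parse_blocks(config, header_re):
    """Return {name: [child lines]} for top-level lines matching header_re."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace():                 # indented: belongs to open block
            if current is not None and line.strip():
                blocks[current].append(line.strip())
            continue
        m = re.match(header_re, line)
        current = m.group(1) if m else None
        if m:
            blocks[current] = []
    return blocks

def audit_tacacs_groups(config):
    """Map each TACACS+ server group to its findings (empty list means OK)."""
    servers = parse_blocks(config, r"tacacs server (\S+)")
    groups = parse_blocks(config, r"aaa group server tacacs\+ (\S+)")
    used = set()                               # groups named in login method lists
    for line in config.splitlines():
        if line.startswith("aaa authentication login "):
            used.update(re.findall(r"group (\S+)", line))
    findings = {}
    for group, lines in groups.items():
        named = [l.split()[2] for l in lines if re.match(r"server name \S+$", l)]
        legacy = [l for l in lines if re.match(r"server \d+\.\d+\.\d+\.\d+", l)]
        issues = []
        if not named and not legacy:
            where = "used for login" if group in used else "unused"
            issues.append(f"no hosts defined ({where})")
        for name in named:
            if not any(c.startswith("address ") for c in servers.get(name, [])):
                issues.append(f"server {name} has no address")
        findings[group] = issues
    return findings
```

Calling `audit_tacacs_groups(SAMPLE_CONFIG)` reports `ISE-GROUP` as empty while a login method list depends on it, which matches the scenario: the `tacacs server` definition exists, but the group never references it.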