Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 206

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?

Answer options

• A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server.
• B. The RADIUS authentication key is transmitted only from the defined RADIUS source interface.
• C. RADIUS requests are generated only by a router if a RADIUS source interface is defined.
• D. Encrypted RADIUS authentication requires the RADIUS source interface be defined.

Correct answer: A

Explanation

The correct answer is A because RADIUS servers only accept authentication requests from known NAS IP addresses, which are defined by the source interface. The other options are incorrect as the RADIUS authentication key is not limited to the source interface, RADIUS requests can be generated by various devices, and encryption does not specifically require a defined source interface.