Home > AAA Questions 3

AAA Questions 3

November 16th, 2018 in SWITCH 300-115 Go to comments

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7


The LDAP is an open, vendor-neutral, industry standard application protocol to access and maintain distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in the development of intranet and Internet applications as they allow the sharing of information about users, systems, networks, services, and applications throughout the network.

On Cisco IOS headends, the “memberOf” AD attribute is mapped to the Authentication, Authorization, and Accounting (AAA) attribute supplicant-group.

Reference: https://www.cisco.com/c/en/us/support/docs/security/ios-sslvpn/118695-config-sslvpn-00.html

Question 8


To configure the network access server to recognize and use vendor- specific attributes, use the radius-server vsa send command in global configuration mode. With additional “authentication” keyword, we limits the set of recognized vendor-specific attributes to only authentication attributes.

Question 9

Question 10

Question 11


With TACACS+, authentication, authorization and accouting are separated while with RADIUS authentication and authorization are combined in one function

Question 12 (maybe same question as Q.9 https://www.certprepare.com/aaa-questions-2)


Authentication with a remote security database:

You must first populate the remote security database with user profiles for each remote user who might log in. You must also configure the network access server (or other network equipment) to interoperate with the remote security database for AAA services. The AAA process with a remote security database is as follows:

1. User establishes a PPP connection with the network access server.
2. The network access server prompts the user for the username and password, and the user responds.
3. The network access server passes the username and password to the security server.
4. The remote security database authenticates and authorizes the user to access the network. The database in effect configures the network access server with authentication parameters by downloading commands and activating access lists in the network access server.
5. The network access server compiles accounting records as specified in the remote security database and sends the records to the security server. The security server may also compile accounting records.

Reference: http://www.ciscopress.com/articles/article.asp?p=25471&seqNum=6

  1. No comments yet.
  1. No trackbacks yet.