What must the network administrator enable on the AOS-Switches to ensure they comply with this plan?

A customer wants to authenticate AOS-Switch managers to a RADIUS server. The CIO wants to assign different rights to different management users for granular control over their rights and privileges. What must the network administrator enable on the AOS-Switches to ensure they comply with this plan?
A. RADIUS-based command authorization
B. a manager and operator password
C. authentication login privileges
D. SNMPv3 and SNMPv3 restricted access.

Download Printable PDF. VALID exam to help you PASS.

4 thoughts on “What must the network administrator enable on the AOS-Switches to ensure they comply with this plan?

  1. The correct answer is C.
    Authentication login privileges enabled the switch to accept VSA’s from the radius server that determines your rights/privileges.

    Radius-based command authorization is specific to TACACS+, and only verifies the commands you are allowed to use.

  2. “When using RADIUS-based command authorization on an ArubaOS switch, the list of commands that the user is authorized to run are supplied at authentication time. This is in contrast to TACACS+, where each command being run by the user is sent to the AAA server to be authorized.” https://www.arubanetworks.com/techdocs/ClearPass/6.8/Aruba_DeployGd_HTML/Content/HP%20Switch%20Integration/Switch_mgmt_RADIUS.htm

    “n the default RADIUS operation, the switch automatically admits any authenticated client to the login (operator) privilege level, even if the RADIUS server specifies enable (manager) access for that client. Thus, an authenticated user authorized for the manager privilege level must authenticate again to change privilege levels. Using the optional login privilege-mode command overrides this default behavior for clients with enable access. That is, with privilege-mode enabled, the switch immediately allows enable (manager) access to a client for whom the RADIUS server specifies this access level.”

    https://www.arubanetworks.com/techdocs/ClearPass/6.8/Aruba_DeployGd_HTML/Content/HP%20Switch%20Integration/Switch_mgmt_RADIUS.htm

    The correct answer is C.
    Authentication login privileges enabled the switch to accept VSA’s from the radius server that determines your rights/privileges.

    Radius-based command authorization is specific to TACACS+, and only verifies the commands you are allowed to use.

    1. “When using RADIUS-based command authorization on an ArubaOS switch, the list of commands that the user is authorized to run are supplied at authentication time. This is in contrast to TACACS+, where each command being run by the user is sent to the AAA server to be authorized.” https://www.arubanetworks.com/techdocs/ClearPass/6.8/Aruba_DeployGd_HTML/Content/HP%20Switch%20Integration/Switch_mgmt_RADIUS.htm

      “n the default RADIUS operation, the switch automatically admits any authenticated client to the login (operator) privilege level, even if the RADIUS server specifies enable (manager) access for that client. Thus, an authenticated user authorized for the manager privilege level must authenticate again to change privilege levels. Using the optional login privilege-mode command overrides this default behavior for clients with enable access. That is, with privilege-mode enabled, the switch immediately allows enable (manager) access to a client for whom the RADIUS server specifies this access level.”

      https://www.arubanetworks.com/techdocs/ClearPass/6.8/Aruba_DeployGd_HTML/Content/HP%20Switch%20Integration/Switch_mgmt_RADIUS.htm

      The correct answer is B.
      Authentication login privileges enabled the switch to accept VSA’s from the radius server that determines your rights/privileges.

      Radius-based command authorization is specific to TACACS+, and only verifies the commands you are allowed to use.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.