Which events will occur when the TACACS+ server returns an error?

If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)
A. The user will be prompted to authenticate using the enable password
B. Authentication attempts to the router will be denied
C. Authentication will use the router`s local database
D. Authentication attempts will be sent to the TACACS+ server

cisco-exams

2 thoughts on “Which events will occur when the TACACS+ server returns an error?

  1. I don’t believe this is the correct answer. The key statement is “attempts to the router will be denied” which means authentication attempts are done. As stated in the explanation the user will be denied only if the response is FAIL and the response here is ERROR. This means “This pattern would continue through the remaining designated methods until the user is either authenticated or rejected, or until the session is terminated.” Therefor there should be no “denied” access until there is a clear FAIL response, the authentication will continue to use the “enable” (which is answer A), and since it is the “enable” password is a local configuration it should use the local database to check if it is correct. I believe the answer should be A and C.

    1. I believe A and B are correct. C makes the assumption the local database is configured as an authentication mechanism. The only authentication mechanisms we are know for sure are the ones listed in the config line we are given “aaa authentication login default group tacacs+ enable” which makes no mention of the local database. The authentication attempt has already been sent to the TACACS+ Server, which returned the error, therefore D makes no sense.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.