Refer to the below. Which statement about this debug output is true?
A. The requesting authentication request came from username GETUSER.
B. The TACACS+ authentication request came from a valid user.
C. The TACACS+ authentication request passed, but for some reason the user’s connection was closed immediately.
D. The initiating connection request was being spoofed by a different source address.
Cacha is right. TACACS closed the AUTH connection since the authentication is successful.
The SSH connection is open between the user and the remote client, TACACS does not care anymore.
B is the correct answer.
TAC+: Closing TCP/IP means the Single connect mode is not enable, and the TACACS server is opening and closing a different communication channel for each request (any command you enter).
This does not mean the actual SSH or telnet connection is closed
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html
and why not “C” ?
B is the correct answer.
TAC+: Closing TCP/IP means the Single connect mode is not enable, and the TACACS server is opening and closing a different communication channel for each request (any command you enter).
This does not mean the actual SSH or telnet connection is closed
https://books.google.com/books?id=8O15SOU9ZMEC&pg=PA145&lpg=PA145&dq=TAC%2B:+Closing+TCP/IP++connection&source=bl&ots=VGesOOr3sh&sig=ACfU3U3rlkIRW4wxlZL95UTprGyaLdgicw&hl=en&sa=X&ved=2ahUKEwjr2bbvwtXiAhXKY98KHcVsAngQ6AEwBXoECAkQAQ#v=onepage&q=TAC%2B%3A%20Closing%20TCP%2FIP%20%20connection&f=false
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html