[TABS_R id=8782]
Which of the following statements is true regarding the aaa new-modelcommand? (Select the best answer.)
- The aaa new-model command must be issued prior to enabling AAA accounting on a router.
- The aaa new-model command must be issued after enabling AAA authentication on a router.
- The aaa new-model command configures AAA to work only with RADIUS servers.
- The aaa new-model command configures AAA to work only with TACACS+ servers.
- The aaa new-model command has been deprecated in Cisco IOS versions 12.3 and later.
Explanation:
The aaa new-model command must be issued prior to enabling Authentication, Authorization, and Accounting (AAA) accounting on a router. AAA can be used to control access to a router or switch. Before configuring authentication, authorization, or accounting using AAA, you must first issue the aaa new-model command to enable AAA on the device? the aaa authentication, aaa authorization, and aaa accounting commands cannot be issued until the aaa new-model command is issued. When the aaa new-model command is issued, local authentication is applied immediately to all router lines and interfaces? any existing authentication methods are superseded by the aaa new-model command. All future connection attempts will be authenticated using the method defined in the aaa authentication command.
When implementing AAA, you can configure users to be authenticated against a local database, against a Remote Authentication DialIn User Service (RADIUS) server, or against a Terminal Access Controller Access Control System Plus (TACACS+) server. You are not limited to a single type of authentication with AAA.
The aaa newmodel command has not been deprecated in Cisco IOS versions 12.3 and later. This command is required in these versions of Cisco IOS in order to implement AAA on a router or a switch.
[TABS_R id=8782]