ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-620 All Questions

View all questions & answers for the 300-620 exam
Go to Exam

Exam 300-620 topic 1 question 133 discussion

Actual exam question from Cisco's 300-620
Question #: 133
Topic #: 1
[All 300-620 Questions]

A network administrator configures AAA inside the Cisco ACI fabric. The authentication goes through the local users if the TACACS+ server is not reachable. If the Cisco APIC is out of the cluster, the access must be granted through the fallback domain. Which configuration set meets these requirements?

  • A. Ping Check: True -
    Default Authentication Realm: Local
    Fallback Check: True
  • B. Ping Check: True -
    Default Authentication Realm: TACACS+
    Fallback Check: False
  • C. Ping Check: False -
    Default Authentication Realm: Local
    Fallback Check: False
  • D. Ping Check: False -
    Default Authentication Realm: TACACS+
    Fallback Check: True
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Narbledeath at April 17, 2023, 8:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Riji88
3 weeks, 2 days ago
Selected Answer: D
“When fallback is required even if the APIC is out of the cluster, the Ping Check must be disabled and the fallback check must be enabled. The default realm should remain set to TACACS+ or RADIUS, depending on your external authentication system.” (DCACI 300-620 Official Cert Guide, Ch. 14)
upvoted 1 times
...
sailorsoul
1 year ago
Selected Answer: B
Fallback check must be false.
upvoted 2 times
sailorsoul
1 year ago
https://www.labminutes.com/dc0019_aci_aaa_radius_tacacs_3 12:20
upvoted 1 times
...
...
thinqtanklearningDOTcom
1 year, 8 months ago
Selected Answer: B
https://howtoaci.com/2018/05/21/tacacs-configuration-in-aci/ It is all documented here. And Cisco documentation also specifically states: Note: Make sure to leave/set the Fallback Check property to false. Setting the Fallback Check property to true may cause local logins to fail.
upvoted 2 times
...
Rododendron2
1 year, 8 months ago
Selected Answer: B
My tip is B Unclear what is supposed be the ping check Anyway Default Authentication Realm hall be TACACS+ and you shall not put fallback check on if required working fallback local authentication Note: Make sure to leave/set the Fallback Check property to false. Setting the Fallback Check property to true may cause local logins to fail. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_ACI-TACACS-config.html
upvoted 3 times
...
Rododendron2
1 year, 9 months ago
How is done AAA server check if enabled check, but icmp check disabled ? What is the "secret check" that will allow the APIC out of cluster switch to fallback authentication ?
upvoted 1 times
thinqtanklearningDOTcom
1 year, 8 months ago
Note: Make sure to leave/set the Fallback Check property to false. Setting the Fallback Check property to true may cause local logins to fail.
upvoted 1 times
...
...
Narbledeath
1 year, 9 months ago
Selected Answer: D
Correct https://community.cisco.com/t5/application-centric-infrastructure/should-you-always-be-able-to-login-using-fallback-domain/m-p/4502626
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel