Q: 14
Refer to the exhibit.
Refer to the exhibit A network engineer is troubleshooting an AAA authentication issue for R1 from
R2 When an engineer tries to open a telnet connection to R1 it opens the connection but shows a
%Authorization failed error message on the terminal and closes the connection silently Which action
resolves the issue?
Refer to the exhibit A network engineer is troubleshooting an AAA authentication issue for R1 from
R2 When an engineer tries to open a telnet connection to R1 it opens the connection but shows a
%Authorization failed error message on the terminal and closes the connection silently Which action
resolves the issue?Options
Discussion
D . The fact that authentication works but you get '%Authorization failed' points to authorization rules on the TACACS+ server, not connectivity or host IP config. Usually means the user isn't allowed to start a shell session on R1. I'm not 100% sure, but similar issues in practice were always fixed by updating command authorization on the server. Someone double check?
Its D. Pretty sure the trap is option C but that would hit authentication not authorization. Seen similar on exam reports.
D tbh, C trips up folks but that would only fix an auth failure not an authorization error.
Not B, C. Had something like this in a mock, and option C usually relates to authentication phase not authorization. Pretty sure the fix should address how commands are authorized on the TACACS+ server, not host IPs.
Probably D. The '%Authorization failed' points to an issue on the TACACS+ server side, specifically with command or shell authorization for the user. Similar question came up in practice labs, and fixing server command permissions did the trick. Pretty sure about this, but chime in if you think C could apply.
Fixing the TACACS+ server's command authorization (D) is the move here. The error's after authentication, so reachability and host config aren't it. Authorization config on the server is usually where this hangs up. Anyone see C work in this scenario?
D . The error shows you get through authentication, but it's authorization that's failing. Pretty sure fixing the command set or permissions on the TACACS+ server does the trick here. Open to other thoughts though.
Definitely D. Since authentication isn't the problem, it's all about the TACACS+ server not permitting the requested commands for this user. Seen issues like this before, usually just needed to fix authorization profiles on the server. Agree?
Be respectful. No spam.
