CCNP Security Question of the Week: IP Admission Configuration

June 19, 2015 Johnny Bass Cisco, Cloudera, Featured, Professional Development, Project Management, Routing & Switching, Technology, Training in Business

Refer to the exhibit below. Assuming that all other supporting configurations are correct, what can be determined from the partial IP admission configuration shown?

aaa new-model

aaa authentication login default local

aaa authorization auth-proxy default local

aaa attribute list SUPERUSER-ATTRS

 attribute type supplicant-group ”SUPERUSER”

username power1 privilege secert thi3fftv4

username power1 aaa attribute SUPERUSER-ATTRS

ip admission name USER-AUTH proxy http inactivity-time 60

ip http server

interface gi0/0

 ip admission USER-AUTH

 zone-member security OUTSIDE

A. The router will forward authentication requests to an AAA server for authentication and authorization.
B. The attribute type supplicant-group “SUPERUSER” configuration can be used to match criteria in the “inspect” class-map type using the match access-group option.
C. The local user password is thl3F4ftvA.
D. The router will intercept incoming HTTP sessions on interface G0/0 for authentication.
E. The SUPERUSER’s privilege level is being restricted.

Reveal Answer

Answer: D.

The ip admission command on interface gi0/0 is used to apply a layer 3 admission control rule to an interface. Based on the global configuration, the incoming user will have to authenticate before being allowed to proceed.

Related Resources
Cisco White Papers

Related Course
CCNP Security e-Camp

Please support our Sponsors here :