| Author |
Had problem with 642-501
|
|
| frankccc 2004-04-24, 2:51 pm |
| I just took the 642-501 test and failed with an 844, 860 needed to pass. However, I could not complete one of the simulations.
This is how I entered the commands, but the test would not take them:
# config t
(config)# aaa new-model
(config)# tacacs-server host 10.10.1.2
(config)# tacacs-server key cisco
(config)# tacacs-server host 10.10.1.3
(config)# tacacs-server key ciscosecure
I typed tacacs-server host 10.10.1.2 <cr>
and it took it, then I entered the line:
tacacs-server key cisco
The test would say KEY not supported in this simulation.
However, if I typed tacacs-server ?
Key was there as an available command. I alerted the test proctor and proceeded with the test but missed by 16 points. I know this question caused me to fail. Does anyone know what I might have done wrong? Do I have any recourse with Vue or Cisco?
PS,
Does anyone know the answer to this question?
Which error message indicates that ISAKMP peers failed protection suite negotiation for ISAKMP?
A. %CRYPTO-6-IKMP_SA_AUTH: Can accept Quick Mode exchange from % 15i if SA is authenticated!
B. %CRYPTO-6-IKMP_SA_OFFERED: Remote peer % 15i responded with attribute [chars] offered and changed.
C. %CRYPTO-6-IKMP_SA_NOT_OFFERED: Remote peer % 15i responded with attribute [chars] not offered or changed.
D. %CRYPTO-6-IKMP_SA_NOT_AUTH: Cannot accept Quick Mode exchange from % 15i if SA is not authenticated.
Please reply if you can help.
Thanks,
Frank
 | |
| forbesl 2004-04-24, 6:40 pm |
| Nope,
No recourse with Vue or Cisco. You just didn't do it the right way. | |
| s2kfan 2004-04-26, 5:09 am |
| yup, you did it wrong. | |
| ITSecguy 2004-04-26, 5:52 am |
| Hi, I took the exam the same day and scored 844 as well. I had the same two questions you have asked. My approach was the same too for configuring tacacs-server and key; it did not allow me to. What is the right way to do it, if you know, and also what is the answer to the question you had? My email ID is prathap2@yahoo.com. Please email me; we can help each other. I am taking this test sometime soon again. | |
|
| “
This is how I entered the commands but the test would not take them
# config t
(config)# aaa new-model
(config)# tacacs-server host 10.10.1.2
(config)# tacacs-server key cisco
(config)# tacacs-server host 10.10.1.3
(config)# tacacs-server key ciscosecure
………………….
“
This could be the solution. Please note the difference
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#tacacs-server host 10.10.1.2
R1(config)#tacacs-server key cisco123
R1(config)#tacacs-server host 10.10.1.3
R1(config)#tacacs-server key mysecret
R1(config)#exit
R1#s
*Mar 8 18:26:43.777: %SYS-5-CONFIG_I: Configured from console by console
R1#show run
Building configuration...
.
.
tacacs-server host 10.10.1.2
tacacs-server host 10.10.1.3
tacacs-server directed-request
tacacs-server key mysecret
.
end
See the difference above. This is how we have to type in the command in the exam:
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#tacacs-server host 10.10.1.3 key cisco123
R1(config)#tacacs-server host 10.10.1.2 key mysecret
R1(config)#exit
R1#show run
Building configuration...
Current configuration : 1256 bytes
tacacs-server host 10.10.1.3 key cisco123
tacacs-server host 10.10.1.2 key mysecret
tacacs-server directed-request
tacacs-server key mysecret
radius-server authorization permit missing Service-Type
!
line con 0
exec-timeout 0 0
end
R1#
Hope this works.
Good luck to all.
rbpal | |
| s2kfan 2004-04-26, 12:10 pm |
| What are you guys using as study material?
If you were specifying a radius and tacacs you could do it in two lines, first host then key. Since it's 2 tacacs servers, do it in one line like rbpal's second example.
Usually, and possibly always, the only time you would be able to do something like this in sequence would be if the prompt changes,
i.e. config prompt to config-if, like if you were configuring two interfaces.
In the first example you just overwrote the key. Do a show run on a real device and look at what happens. | |
| ITSecguy 2004-04-26, 11:59 pm |
| I have been using Sybex Study material and there were questions in the test that were nowhere in the book. | |
| Kartemy 2004-05-16, 7:56 pm |
| I've looked into this a bit and found that the tacacs server address and key must be configured on the same line. Specifying the "key" on a separate line configures that key for "...all TACACS+ communications between the access server and the TACACS+ daemon, use the tacacs-server key command in global configuration mode.", according to Cisco's online command reference (http://tinyurl.com/2jmg2).
That being the case, the second "key" command in the first example (the one that didn't work) was overwriting the first "key" command, as someone previously stated. |
|
|
|
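The overwrite behaviour discussed in this thread, as an added example that is not part of any post: a short Python replay of the two command sequences that reports which key each TACACS+ host ends up using. It assumes a simplified model of IOS (a single global key where the last value wins, and a key on the host line that applies to that host only and takes precedence); the function and variable names are hypothetical.

```python
import re

# Simplified model of the global-config commands discussed in the thread.
HOST_RE = re.compile(r"^tacacs-server host (\S+)(?:.*? key (.+))?$")
KEY_RE = re.compile(r"^tacacs-server key (.+)$")

def effective_keys(commands):
    """Replay commands in order; return ({host: effective key}, [warnings])."""
    hosts = {}          # host address -> per-host key, or None if none given
    global_key = None   # the single global key; a later command replaces it
    warnings = []
    for raw in commands:
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            hosts[m.group(1)] = m.group(2)
            continue
        m = KEY_RE.match(line)
        if m:
            if global_key is not None and global_key != m.group(1):
                warnings.append(
                    f"global key {global_key!r} overwritten by {m.group(1)!r}")
            global_key = m.group(1)
    # Assumed precedence: a per-host key wins, otherwise the global key applies.
    resolved = {h: (k if k is not None else global_key) for h, k in hosts.items()}
    for host, key in resolved.items():
        if key is None:
            warnings.append(f"host {host} has no key configured")
    return resolved, warnings

# Sequence from the first post: host and key on separate lines.
SEPARATE_LINES = [
    "tacacs-server host 10.10.1.2",
    "tacacs-server key cisco",
    "tacacs-server host 10.10.1.3",
    "tacacs-server key ciscosecure",
]
# Sequence from rbpal's second example: key on the host line.
PER_HOST = [
    "tacacs-server host 10.10.1.3 key cisco123",
    "tacacs-server host 10.10.1.2 key mysecret",
]

if __name__ == "__main__":
    for name, seq in (("separate lines", SEPARATE_LINES), ("per host", PER_HOST)):
        resolved, warnings = effective_keys(seq)
        print(name, resolved, warnings)
```

With the first sequence both hosts resolve to the last global key and one overwrite warning is reported; with the second each host keeps its own key.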