Which of the following statements is true regarding the aaa new-model command?
A. The aaa new-model command must be issued after enabling AAA authentication on a router.
B. The aaa new-model command has been deprecated in Cisco IOS versions 12.3 and later.
C. The aaa new-model command configures AAA to work only with TACACS+ servers.
D. The aaa new-model command must be issued prior to enabling AAA accounting on a router.
E. The aaa new-model command configures AAA to work only with RADIUS servers.
Explanation:
The aaa new-model command must be issued prior to enabling Authentication, Authorization, and Accounting (AAA) accounting on a router. AAA can be used to control access to a router or switch. Before configuring authentication, authorization, or accounting by using AAA, you must first issue the aaa new-model command to enable AAA on the device; the aaa authentication, aaa authorization, and aaa accounting commands cannot be issued until the aaa new-model command is issued. When the aaa new-model command is issued, local authentication is applied immediately to all router lines and interfaces; any existing authentication methods are superseded by the aaa new-model command. All future connection attempts will be authenticated by using the method defined in the aaa authentication command.
When implementing AAA, you can configure users to be authenticated against a local database, against a Remote Authentication Dial-In User Service (RADIUS) server, or against a Terminal Access Controller Access-Control System Plus (TACACS+) server. You are not limited to a single type of authentication with AAA. In addition to these features, the aaa new-model command must be issued to enable RADIUS Change of Authorization (CoA), which allows a RADIUS server to modify an established client session.
The aaa new-model command has not been deprecated in Cisco IOS versions 12.3 and later. This command is required in these versions of Cisco IOS in order to implement AAA on a router or a switch.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html#enabaaa