S e n d f e e d b a c k t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
16-3
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 16 Configuring AAA
Information About AAA
Remote AAA Services
Remote AAA services provided through RADIUS and protocols have the following
advantages over local AAA services:
•
User password lists for each Nexus 5000 Series switch in the fabric are easier to manage.
•
AAA servers are already deployed widely across enterprises and can be easily used for AAA
services.
•
The accounting log for all switches in the fabric can be centrally managed.
•
User attributes for each switch in the fabric than using the local databases on the switches are easier
to manage.
AAA Server Groups
You can specify remote AAA servers for authentication, authorization, and accounting using server
groups. A server group is a set of remote AAA servers that implement the same AAA protocol. The
purpose of a server group is to provide for failover servers in case a remote AAA server fails to respond.
If the first remote server in the group fails to respond, the next remote server in the group is tried until
one of the servers sends a response. If all the AAA servers in the server group fail to respond, then that
server group option is considered a failure. If required, you can specify multiple server groups. If a
Nexus 5000 Series switch encounters errors from the servers in the first group, it tries the servers in the
next server group.
AAA Service Configuration Options
On Nexus 5000 Series switches, you can have separate AAA configurations for the following services:
•
User Telnet or Secure Shell (SSH) login authentication
•
Console login authentication
•
User management session accounting
Table 16-1
lists the CLI commands for each AAA service configuration option.
.
You can specify the following authentication methods for the AAA services:
•
RADIUS server groups—Uses the global pool of RADIUS servers for authentication.
•
Specified server groups—Uses specified RADIUS or server groups for authentication.
•
Local—Uses the local username or password database for authentication.
•
None—Uses only the user name.
Table 16-1
AAA Service Configuration Commands
AAA Service Configuration Option
Related Command
Telnet or SSH login
aaa authentication login default
Console login
aaa authentication login console
User session accounting
aaa accounting default
Summary of Contents for N5010P-N2K-BE
Page 50: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 102: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 240: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 312: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 400: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 418: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 436: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 658: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...