Send feedback to nx5000-docfeedback@cisco.com
16-4
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 16 Configuring AAA
Information About AAA
Note: If the method is for all RADIUS servers, instead of a specific server group, the Nexus 5000 Series switches choose the RADIUS server from the global pool of configured RADIUS servers in the order of configuration. Servers from this global pool are the servers that can be selectively configured in a RADIUS server group on the Nexus 5000 Series switches.
Table 16-2 describes the AAA authentication methods that you can configure for the AAA services.
Note: For console login authentication, user login authentication, and user management session accounting, the Nexus 5000 Series switches try each option in the order specified. The local option is the default method when other configured options fail.
Authentication and Authorization Process for User Login
Figure 16-1 shows a flowchart of the authentication and authorization process for user login. The following process occurs:
1. When you log in to the required Nexus 5000 Series switch, you can use the Telnet, SSH, Fabric Manager or Device Manager, or console login options.
2. When you have configured the AAA server groups using the server group authentication method, the Nexus 5000 Series switch sends an authentication request to the first AAA server in the group as follows:
   a. If the AAA server fails to respond, then the next AAA server is tried and so on until the remote server responds to the authentication request.
   b. If all AAA servers in the server group fail to respond, then the servers in the next server group are tried.
   c. If all configured methods fail, then the local database is used for authentication.
3. If the Nexus 5000 Series switches successfully authenticate you through a remote AAA server, then the following possibilities apply:
   a. If the AAA server protocol is RADIUS, then user roles specified in the cisco-av-pair attribute are downloaded with an authentication response.
   b. If the AAA server protocol is , then another request is sent to the same server to get the user roles specified as custom attributes for the shell.
4. If your username and password are successfully authenticated locally, the Nexus 5000 Series switch logs you in and assigns you the roles configured in the local database.
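The login flow in steps 2 through 4, modeled as an added example (not Cisco code and not part of the original guide). Server and group names, credentials and roles are constructed sample data, and the model assumes that any reply from a server, accept or reject, ends the remote search, which is how step 2a reads.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    reachable: bool                            # False models "fails to respond"
    users: dict = field(default_factory=dict)  # username -> (password, roles)

def check(db, username, password):
    """Return the user's roles on a credential match, else None."""
    entry = db.get(username)
    if entry and hmac.compare_digest(entry[0].encode(), password.encode()):
        return entry[1]
    return None

def login(username, password, server_groups, local_db):
    """Walk the method list; return (authenticated, roles, source, trace)."""
    trace = []
    for group, servers in server_groups:       # step 2b: next group when one is exhausted
        for srv in servers:
            if not srv.reachable:              # step 2a: no response, try the next server
                trace.append(f"{group}/{srv.name}: no response")
                continue
            # Assumption: a server that responds gives the final answer.
            roles = check(srv.users, username, password)
            trace.append(f"{group}/{srv.name}: {'accept' if roles is not None else 'reject'}")
            return roles is not None, roles or [], srv.name, trace  # step 3: roles from server
    # Step 2c: every remote method failed, so the local database decides (step 4).
    roles = check(local_db, username, password)
    trace.append(f"local: {'accept' if roles is not None else 'reject'}")
    return roles is not None, roles or [], "local", trace

# Constructed sample data: remote directory and the switch's local database.
REMOTE = {"alice": ("r3mote-pw", ["network-operator"])}
LOCAL = {"admin": ("l0cal-pw", ["network-admin"]), "alice": ("old-pw", ["network-admin"])}

def groups(up):
    """Two server groups; `up` is the set of server names that respond."""
    mk = lambda n: Server(n, n in up, REMOTE)
    return [("grp1", [mk("rad-1"), mk("rad-2")]), ("grp2", [mk("rad-3")])]

if __name__ == "__main__":
    for up in ({"rad-3"}, set()):
        ok, roles, source, trace = login("alice", "old-pw", groups(up), LOCAL)
        print(sorted(up), "->", ok, roles, source, trace)
```

The second run shows why local accounts and their roles need the same review as the remote directory: they are what the switch consults whenever no remote server responds.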
Table 16-2 AAA Authentication Methods for AAA Services

AAA Service                           AAA Methods
Console login authentication          Server groups, local, and none
User login authentication             Server groups, local, and none
User management session accounting    Server groups and local