Send feedback to nx5000-docfeedback@cisco.com
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 18 Configuring TACACS+
Information About TACACS+
• Server Monitoring, page 18-3
TACACS+ Advantages
TACACS+ has the following advantages over RADIUS authentication:
• Provides independent AAA facilities. For example, the Nexus 5000 Series switch can authorize access without authenticating.
• Uses the TCP transport protocol to send data between the AAA client and server, making reliable transfers with a connection-oriented protocol.
• Encrypts the entire protocol payload between the switch and the AAA server to ensure higher data confidentiality. The RADIUS protocol only encrypts passwords.
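As an added illustration (not from the Cisco guide), the sketch below shows what protecting the entire payload looks like on the wire, using the MD5-chained pad that RFC 8907 defines for TACACS+ packet bodies. The shared key, session ID and body are constructed sample values, and the body is a stand-in rather than a real authentication message layout.

```python
import hashlib
import struct

TAC_PLUS_AUTHEN = 0x01  # packet type: authentication (RFC 8907)


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5-chained pad from RFC 8907, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # First block hashes the seed alone; later blocks append the previous digest.
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the body with the pad; calling it again with the same inputs reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, session_id, key, version=0xC0, seq_no=1):
    """12-byte cleartext header (flags=0, body protected) plus the obfuscated body."""
    header = struct.pack("!BBBBII", version, TAC_PLUS_AUTHEN, seq_no, 0,
                         session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


# Constructed sample values, not taken from any real deployment.
SAMPLE_KEY = b"example-shared-secret"
SAMPLE_SESSION = 0x1A2B3C4D
SAMPLE_BODY = b"user=alice;pass=constructed-password"  # stand-in body

if __name__ == "__main__":
    pkt = build_packet(SAMPLE_BODY, SAMPLE_SESSION, SAMPLE_KEY)
    print("header (clear):", pkt[:12].hex())
    print("body (on wire):", pkt[12:].hex())
    print("body (recovered):", obfuscate(pkt[12:], SAMPLE_SESSION, SAMPLE_KEY))
```

Only the 12-byte header travels in the clear; every byte of the body, not just the password field, is covered by the pad. RFC 8907 describes this mechanism as obfuscation, so the strength of the shared key and the trust placed in the network path between switch and server still matter.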
User Login with TACACS+
When a user attempts a Password Authentication Protocol (PAP) login to a Nexus 5000 Series switch using TACACS+, the following actions occur:
1. When the Nexus 5000 Series switch establishes a connection, it contacts the TACACS+ daemon to obtain the username and password.
Note: TACACS+ allows an arbitrary conversation between the daemon and the user until the daemon receives enough information to authenticate the user. This action is usually done by prompting for a username and password combination, but may include prompts for other items, such as the user’s mother’s maiden name.
2. The Nexus 5000 Series switch will receive one of the following responses from the TACACS+ daemon:
• ACCEPT—User authentication succeeds and service begins. If the Nexus 5000 Series switch requires user authorization, authorization begins.
• REJECT—User authentication failed. The TACACS+ daemon either denies further access to the user or prompts the user to retry the login sequence.
• ERROR—An error occurred at some time during authentication, either at the daemon or in the network connection between the daemon and the Nexus 5000 Series switch. If the Nexus 5000 Series switch receives an ERROR response, the Nexus 5000 Series switch tries to use an alternative method for authenticating the user.
The user also undergoes an additional authorization phase, if authorization has been enabled on the Nexus 5000 Series switch. Users must first successfully complete authentication before proceeding to authorization.
3. If TACACS+ authorization is required, the Nexus 5000 Series switch again contacts the TACACS+ daemon and it returns an ACCEPT or REJECT authorization response. An ACCEPT response contains attributes that are used to direct the EXEC or NETWORK session for that user and determine the services that the user can access.
Services include the following:
• Telnet, rlogin, Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), or EXEC services