Send documentation comments to mdsfeedback-doc@cisco.com
Cisco MDS 9000 Family CLI Configuration Guide
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Chapter 32 Configuring RADIUS and TACACS+
Configuring TACACS+
A Cisco MDS switch uses the Terminal Access Controller Access Control System Plus (TACACS+)
protocol to communicate with remote AAA servers. You can configure multiple servers and
set timeout values.
This section includes the following topics:
• About TACACS+
• About Server Default Configuration
• About the Default Server Encryption Type and Preshared Key
• Enabling TACACS+
• Setting the Server Address
• Setting the Global Secret Key
• Setting the Timeout Value
• About Servers
• Sending Test Messages for Monitoring
• Password Aging Notification through Server
• About Users Specifying a Server at Login
• Allowing Users to Specify a Server at Login
• Defining Custom Attributes for Roles
• Displaying Server Details
About TACACS+
TACACS+ is a client/server protocol that uses TCP (TCP port 49) for transport. All
switches in the Cisco MDS 9000 Family provide centralized authentication using the
TACACS+ protocol. TACACS+ has the following advantages over RADIUS authentication:
• Provides independent, modular AAA facilities. Authorization can be done without authentication.
• Uses the TCP transport protocol to send data between the AAA client and server, providing reliable
transfers over a connection-oriented protocol.
• Encrypts the entire protocol payload between the switch and the AAA server to ensure higher data
confidentiality. The RADIUS protocol only encrypts passwords.
About Server Default Configuration
Fabric Manager allows you to set up a default configuration that can be used for any server
that you configure the switch to communicate with. The default configuration includes:
• Encryption type
• Preshared key
• Timeout value
• Number of retransmission attempts