Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 16 Configuring AAA
Information About AAA
Note: For console login authentication, user login authentication, and user management session accounting,
the Nexus 5000 Series switches try each option in the order specified. The local option is the default
method when other configured options fail.
Authentication and Authorization Process for User Login
Figure 16-1 shows a flowchart of the authentication and authorization process for user login. The
following process occurs:
1. When you log in to the required Nexus 5000 Series switch, you can use the Telnet, SSH, Fabric
   Manager or Device Manager, or console login options.
2. When you have configured the AAA server groups using the server group authentication method,
   the Nexus 5000 Series switch sends an authentication request to the first AAA server in the group
   as follows:
   a. If the AAA server fails to respond, then the next AAA server is tried and so on until the remote
      server responds to the authentication request.
   b. If all AAA servers in the server group fail to respond, then the servers in the next server group
      are tried.
   c. If all configured methods fail, then the local database is used for authentication.
3. If the Nexus 5000 Series switches successfully authenticate you through a remote AAA server, then
   the following possibilities apply:
   a. If the AAA server protocol is RADIUS, then user roles specified in the cisco-av-pair attribute
      are downloaded with an authentication response.
   b. If the AAA server protocol is TACACS+, then another request is sent to the same server to get
      the user roles specified as custom attributes for the shell.
4. If your username and password are successfully authenticated locally, the Nexus 5000 Series switch
   logs you in and assigns you the roles configured in the local database.
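
The login process in steps 2 through 4, modeled as an added Python example (not code from this guide or from NX-OS). The Server class, login() and all sample data are hypothetical, and treating a remote reject as a final answer with no local fallback is an assumption of the example, since the steps above only describe servers that fail to respond.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    protocol: str                 # "radius" or "tacacs+"
    responds: bool = True         # False models a server that fails to respond
    users: dict = field(default_factory=dict)   # user -> (password, roles)

def _match(db, user, password):
    """Return the user's roles if the password matches, else None."""
    entry = db.get(user)
    if entry and hmac.compare_digest(entry[0].encode(), password.encode()):
        return list(entry[1])
    return None

def login(user, password, groups, local_db):
    """Walk the server groups in order; return (ok, source, roles, requests)."""
    requests = 0
    for servers in groups:                    # step 2b: next server group
        for srv in servers:                   # step 2a: next server in the group
            requests += 1
            if not srv.responds:
                continue
            roles = _match(srv.users, user, password)
            if roles is None:
                # Assumption: a reject is a final answer, no further fallback.
                return (False, srv.name, [], requests)
            if srv.protocol == "tacacs+":
                requests += 1                 # step 3b: second request for roles
            return (True, srv.name, roles, requests)   # step 3a: roles in reply
    roles = _match(local_db, user, password)  # step 2c / step 4: local database
    return (roles is not None, "local", roles or [], requests)

# Constructed sample data (names, passwords and role assignments are made up).
RAD_DOWN = Server("rad1", "radius", responds=False)
RAD_UP = Server("rad2", "radius", users={"alice": ("pw-a", ["network-operator"])})
TAC_UP = Server("tac1", "tacacs+", users={"bob": ("pw-b", ["network-admin"])})
TAC_DOWN = Server("tac2", "tacacs+", responds=False)
LOCAL_DB = {"admin": ("pw-local", ["network-admin"])}
```

Because the local database decides the login whenever every remote server is unreachable, local accounts and their roles deserve the same review as the accounts held on the AAA servers.
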
Table 16-2 AAA Authentication Methods for AAA Services

AAA Service                           AAA Methods
Console login authentication          Server groups, local, and none
User login authentication             Server groups, local, and none
User management session accounting    Server groups and local