Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

ManualsBrandsHP ManualsStorageCisco MDS 9513 with Supervisor 2 Director Switch

241

242

243

244

245

246

247

248

249

250

Send feedback to nx5000-docfeedback@cisco.com

16-5

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide

OL-16597-01

Chapter 16 Configuring AAA

Prerequisites for Remote AAA

Figure 16-1 Authorization and Authentication Flow for User Login

Note “No more server groups left” means that there is no response from any server in all server groups.

“No more servers left” means that there is no response from any server within this server group.

Prerequisites for Remote AAA

Remote AAA servers have the following prerequisites:

• At least one RADIUS or TACACS+ server must be IP reachable (see the “Configuring RADIUS

Server Hosts” section on page 17-5 and the “Configuring TACACS+ Server Hosts” section on

page 18-5)

• The Nexus 5000 Series switch is configured as a client of the AAA servers.

• The preshared secret key is configured on the Nexus 5000 Series switch and on the remote AAA

servers.

Access

permitted

Incoming

access

request to

switch

FailureNo

response

Failure

Access

permitted

Local

Success

Denied

access

No more

servers left

Remote

Found a

RADIUS server

185099

Incoming

access

request to

switch

RADIUS

Lookup

First or

next server

lookup

Local

database

lookup

Start