Manualshelf

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

ManualsBrandsHP ManualsStorageCisco MDS 9513 with Supervisor 2 Director Switch
241242243244245246247248249250
Send feedback to nx5000-docfeedback@cisco.com
16-8
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 16 Configuring AAA
Configuring AAA
Configuring Default Login Authentication Methods
The authentication methods include the following:
Global pool of RADIUS servers
Named subset of RADIUS or TACACS+ servers
Local database on the Nexus 5000 Series switch
Username only
The default method is local.
Before you configure default login authentication methods, configure RADIUS or TACACS+ server
groups as needed. To configure default login authentication methods, perform this task:
Enabling Login Authentication Failure Messages
When you log in, the login is processed by the local user database if the remote AAA servers do not
respond. If you have enabled the displaying of login failure messages, the following message is
displayed :
Remote AAA servers unreachable; local authentication done.
Remote AAA servers unreachable; local authentication failed.
To enable login authentication failure messages, perform this task:
Command Purpose
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# aaa authentication login
default {group group-list [none]| local |
none}
Configures the default authentication methods.
The group-list argument consists of a
space-delimited list of group names. The group
names are the following:
radius—Uses the global pool of RADIUS
servers for authentication.
named-group—Uses a named subset of
TACACS+ or RADIUS servers for
authentication.
The local method uses the local database for
authentication. The none method uses the username
only.
The default login method is local, which is used
when no methods are configured or when all of the
configured methods do not respond.
Step 3
switch(config)# exit
Exits configuration mode.
Step 4
switch# show aaa authentication
(Optional) Displays the configuration of the default
login authentication methods.
Step 5
switch# copy running-config startup-config
(Optional) Copies the running configuration to the
startup configuration.