Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

ManualsBrandsHP ManualsStorageCisco MDS 9513 with Supervisor 2 Director Switch

251

252

253

254

255

256

257

258

259

260

Send feedback to nx5000-docfeedback@cisco.com

17-4

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide

OL-16597-01

Chapter 17 Configuring RADIUS

Prerequisites for RADIUS

The following VSA protocol options are supported by the Nexus 5000 Series switch:

• Shell— Used in access-accept packets to provide user profile information.

• Accounting— Used in accounting-request packets. If a value contains any white spaces, you should

enclose the value within double quotation marks.

The Nexus 5000 Series switch supports the following attributes:

• roles—Lists all the roles to which the user belongs. The value field is a string that lists the role

names delimited by white space.

• accountinginfo—Stores accounting information in addition to the attributes covered by a standard

RADIUS accounting protocol. This attribute is sent only in the VSA portion of the Account-Request

frames from the RADIUS client on the switch. It can be used only with the accounting protocol data

units (PDUs).

Prerequisites for RADIUS

RADIUS has the following prerequisites:

• Obtain IPv4 or IPv6 addresses or host names for the RADIUS servers.

• Obtain preshared keys from the RADIUS servers.

• Ensure that the Nexus 5000 Series switch is configured as a RADIUS client of the AAA servers.

Guidelines and Limitations

RADIUS has the following guidelines and limitations:

• You can configure a maximum of 64 RADIUS servers on the Nexus 5000 Series switch.

Configuring RADIUS Servers

To configure RADIUS servers, perform this task:

Step 1 Establish the RADIUS server connections to the Nexus 5000 Series switch.

See the “Configuring RADIUS Server Hosts” section on page 17-5.

Step 2 Configure the preshared secret keys for the RADIUS servers.

See the “Configuring Global Preshared Keys” section on page 17-6.

Step 3 If needed, configure RADIUS server groups with subsets of the RADIUS servers for AAA

authentication methods.

See the “Allowing Users to Specify a RADIUS Server at Login” section on page 17-8 and the

“Configuring AAA” section on page 16-6.

Step 4 If needed, configure any of the following optional parameters:

• Dead-time interval

See the “The following example shows how to configure periodic RADIUS server monitoring:”

section on page 17-12.