Table of Contents
Advertisement
Configuring AAA Accounting Default Methods
By default, the Cisco Nexus device uses Password Authentication Protocol (PAP) authentication between the
switch and the remote server. If you enable MSCHAP, you must configure your RADIUS server to recognize
the MSCHAP vendor-specific attributes (VSAs).
The following table describes the RADIUS VSAs required for MSCHAP.
Table 4: MSCHAP RADIUS VSAs
Vendor-ID Number
311
211
Procedure
Step 1
Step 2
Step 3
Step 4
Step 5
Configuring AAA Accounting Default Methods
The Cisco Nexus device supports TACACS+ and RADIUS methods for accounting. The switches report user
activity to TACACS+ or RADIUS security servers in the form of accounting records. Each accounting record
contains accounting attribute-value (AV) pairs and is stored on the AAA server.
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
18
Vendor-Type Number
11
11
Command or Action
switch# configure terminal
switch(config)# aaa authentication login
mschap enable
switch(config)# exit
switch# show aaa authentication login
mschap
switch# copy running-config
startup-config
VSA
Description
MSCHAP-Challenge
Contains the challenge
sent by an AAA server to
an MSCHAP user. It can
be used in both
Access-Request and
Access-Challenge
packets.
MSCHAP-Response
Contains the response
value provided by an
MSCHAP user in
response to the challenge.
It is only used in
Access-Request packets.
Purpose
Enters global configuration mode.
Enables MS-CHAP authentication. The default
is disabled.
Exits configuration mode.
(Optional)
Displays the MS-CHAP configuration.
(Optional)
Copies the running configuration to the startup
configuration.
Configuring AAA
Hide quick links:
Advertisement
Table of Contents
