Table of Contents
Advertisement
Chapter 28
Configuring RADIUS and TACACS+
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
•
If your user name and password are successfully authenticated locally, you are allowed to log in, and you
Step 4
are assigned the roles configured in the local database.
Figure 28-1
No more server groups left = no response from any server in all server groups.
Note
No more servers left = no response from any server within this server group.
Tip
In Step 1, use the aaa authentication login default command to configure policies for using Telnet,
SSH, or Fabric Manager/Device Manager and the aaa authentication login console command to
configure AAA policies using the console. If the aaa authentication login console command is not
configured for console login, the software automatically uses policies used by the aaa authentication
login default command.
OL-8222-01, Cisco MDS SAN-OS Release 3.x
If user roles are not successfully retrieved from the remote AAA server, then the user is assigned the
network-operator role.
Switch Authorization and Authentication Flow
next server
RADIUS
permitted
switch
switch
Remote
No more
First or
servers left
lookup
Found a
RADIUS server
Lookup
No
response
Accept
Access
Cisco MDS 9000 Family CLI Configuration Guide
Authentication and Authorization Process
Local
Success
database
lookup
Failure
Denied
access
Access
permitted
28-21
Advertisement
Table of Contents
