Authentication And Authorization Process For User Login - Cisco Nexus 5000 Series Configuration Manual

NX-OS Security Configuration Guide

Information About AAA

Table 3: AAA Authentication Methods for AAA Services

AAA Service | AAA Methods
Console login authentication | Server groups, local, and none
User login authentication | Server groups, local, and none
User management session accounting | Server groups and local

Note: For console login authentication, user login authentication, and user management session accounting, the Cisco Nexus 5000 Series switches try each option in the order specified. The local option is the default method when other configured options fail.

Authentication and Authorization Process for User Login

The figure below shows a flowchart of the authentication and authorization process for user login. The following process occurs:
• When you log in to the required Cisco Nexus 5000 Series switch, you can use the Telnet, SSH, Fabric Manager or Device Manager, or console login options.
• When you have configured the AAA server groups using the server group authentication method, the Cisco Nexus 5000 Series switch sends an authentication request to the first AAA server in the group as follows:
  ◦ If the AAA server fails to respond, then the next AAA server is tried and so on until the remote server responds to the authentication request.
  ◦ If all AAA servers in the server group fail to respond, then the servers in the next server group are tried.
  ◦ If all configured methods fail, then the local database is used for authentication.
• If the Cisco Nexus 5000 Series switches successfully authenticate you through a remote AAA server, then the following possibilities apply:
  ◦ If the AAA server protocol is RADIUS, then user roles specified in the cisco-av-pair attribute are downloaded with an authentication response.
  ◦ If the AAA server protocol is TACACS+, then another request is sent to the same server to get the user roles specified as custom attributes for the shell.
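
The login process above, modelled as an added Python example (not Cisco code and not part of the original guide). Server names, accounts and roles are constructed sample data, and treating a reject as a final answer is an assumption drawn from "until the remote server responds".

```python
# Added illustration of the login flow above; a model, not NX-OS code.
# Server names, accounts and roles are constructed sample data.
import hmac
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    protocol: str                      # "radius" or "tacacs+"
    up: bool = True                    # False: server never responds
    users: dict = field(default_factory=dict)  # user -> (password, roles)
    requests: int = 0                  # requests this server has received

    def authenticate(self, user, password):
        self.requests += 1
        if not self.up:
            return "timeout", None
        pw, roles = self.users.get(user, ("", None))
        if roles is None or not hmac.compare_digest(pw.encode(), password.encode()):
            return "reject", None
        # RADIUS returns roles (cisco-av-pair) inside the authentication response.
        return "accept", roles if self.protocol == "radius" else None

    def fetch_shell_roles(self, user):
        # TACACS+: a second request to the same server returns the shell roles.
        self.requests += 1
        return self.users[user][1]

def login(user, password, groups, local_db):
    for group in groups:               # server groups in configured order
        for srv in group:              # servers in order within the group
            status, roles = srv.authenticate(user, password)
            if status == "timeout":
                continue               # no response: try the next server
            if status == "reject":     # assumption: a reject is a response, so stop
                return {"ok": False, "source": srv.name, "roles": []}
            if srv.protocol == "tacacs+":
                roles = srv.fetch_shell_roles(user)
            return {"ok": True, "source": srv.name, "roles": roles}
    # No remote server responded: fall back to the local database.
    pw, roles = local_db.get(user, ("", None))
    ok = roles is not None and hmac.compare_digest(pw.encode(), password.encode())
    return {"ok": ok, "source": "local", "roles": roles if ok else []}

def demo():
    acct = {"alice": ("s3cret", ["network-operator"])}
    tac = [Server("tac1", "tacacs+", up=False), Server("tac2", "tacacs+", users=acct)]
    rad = [Server("rad1", "radius", users=acct)]
    local = {"admin": ("localpw", ["network-admin"])}
    first = login("alice", "s3cret", [tac, rad], local)   # tac1 silent, tac2 answers
    tac2_requests = tac[1].requests     # authentication plus the role lookup
    tac[1].up = rad[0].up = False       # now every remote server is silent
    return first, tac2_requests, login("admin", "localpw", [tac, rad], local)
```

In this model the local database is reached only when every remote server stays silent, so a local account cannot override a remote reject.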
OL-20919-01