Configuring Authentication, Authorization, and Accounting
Specifying Switch User Roles and SMNPv3 Parameters on AAA Servers
You can use the VSA cisco-av-pair on AAA servers to specify user role mapping for the Cisco Nexus 5000
Series switch using this format:
shell:roles="roleA roleB ..."
If you do not specify the role option in the cisco-av-pair attribute, the default user role is network-operator.
You can also specify your SNMPv3 authentication and privacy protocol attributes as follows:
shell:roles="roleA roleB..." snmpv3:auth=SHA priv=AES-128
The SNMPv3 authentication protocol options are SHA and MD5. The privacy protocol options are AES-128
and DES. If you do not specify these options in the cisco-av-pair attribute, MD5 and DES are the default
authentication protocols.
For additional information, see the Configuring User Accounts and RBAC chapter in the Cisco Nexus 5000
Series NX-OS System Management Configuration Guide.
Displaying and Clearing the Local AAA Accounting Log
The Cisco Nexus 5000 Series switch maintains a local log for the AAA accounting activity. To display this
log and clear it, perform this task:
SUMMARY STEPS
1. switch# show accounting log [size] [start-time year month day hh : mm : ss]
2. (Optional) switch# clear accounting log
DETAILED STEPS
Command or Action
Step 1
switch# show accounting log [size]
[start-time year month day hh : mm : ss]
Step 2
switch# clear accounting log
Verifying AAA Configuration
To display AAA configuration information, perform one of the following tasks:
OL-20919-01
Specifying Switch User Roles and SMNPv3 Parameters on AAA Servers
Purpose
Displays the accounting log contents. By default, the command output
contains up to 250,000 bytes of the accounting log. You can use the size
argument to limit command output. The range is from 0 to 250000 bytes.
You can also specify a start time for the log output.
(Optional)
Clears the accounting log contents.
Cisco Nexus 5000 Series NX-OS Security Configuration Guide
19