Vendor-Specific Attributes - Cisco Nexus 5000 Series Configuration Manual

NX-OS Security Configuration Guide

Configuring RADIUS
a RADIUS server changes to the dead or alive state, a Simple Network Management Protocol (SNMP) trap
is generated and the Cisco Nexus 5000 Series switch displays an error message that a failure is taking place.
Figure 2: RADIUS Server States
The monitoring intervals for alive servers and dead servers are different and can be configured by the user.
Note: The RADIUS server monitoring is performed by sending a test authentication request to the RADIUS server.

Vendor-Specific Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating
vendor-specific attributes (VSAs) between the network access server and the RADIUS server. The IETF uses
attribute 26. VSAs allow vendors to support their own extended attributes that are not suitable for general
use. The Cisco RADIUS implementation supports one vendor-specific option using the format recommended
in the specification. The Cisco vendor ID is 9, and the supported option is vendor type 1, which is named
cisco-av-pair. The value is a string with the following format:
protocol : attribute separator value *
The protocol is a Cisco attribute for a particular type of authorization. The separator is an equal sign (=) for
mandatory attributes or an asterisk (*) for optional attributes.
When you use RADIUS servers for authentication on a Cisco Nexus 5000 Series switch, the RADIUS protocol
directs the RADIUS server to return user attributes, such as authorization information, along with authentication
results. This authorization information is specified through VSAs.
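As an added example (not taken from the Cisco guide), the Python below shows how a cisco-av-pair is carried inside attribute 26 and split into protocol, attribute, separator and value, which is useful when auditing the authorization a RADIUS server returns. The byte layout follows the Vendor-Specific attribute definition in RFC 2865; the `shell:roles` strings, the user name and all function names are constructed for illustration.

```python
import struct

VSA_TYPE = 26          # IETF Vendor-Specific attribute number (from the guide)
CISCO_VENDOR_ID = 9    # Cisco vendor ID (from the guide)
CISCO_AV_PAIR = 1      # vendor type 1, cisco-av-pair (from the guide)

def encode_vsa(av_pair):
    """Wrap one cisco-av-pair string in attribute 26 (RFC 2865 layout)."""
    data = av_pair.encode("ascii")
    sub = struct.pack("!BB", CISCO_AV_PAIR, 2 + len(data)) + data
    return struct.pack("!BBI", VSA_TYPE, 6 + len(sub), CISCO_VENDOR_ID) + sub

def parse_av_pair(text):
    """Split 'protocol:attribute<sep>value'; '=' is mandatory, '*' optional."""
    protocol, colon, rest = text.partition(":")
    hits = [i for i in (rest.find("="), rest.find("*")) if i >= 0]
    if not colon or not hits:
        raise ValueError("not a cisco-av-pair: %r" % text)
    idx = min(hits)                      # first separator wins
    value = rest[idx + 1:]
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]              # values with spaces arrive quoted
    return {"protocol": protocol, "attribute": rest[:idx],
            "mandatory": rest[idx] == "=", "value": value}

def tlvs(buf):
    """Yield (type, body) for a run of 1-byte-type, 1-byte-length fields."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed length at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def cisco_av_pairs(attributes):
    """Return every parsed cisco-av-pair found in a RADIUS attribute list."""
    found = []
    for a_type, body in tlvs(attributes):
        # Skip non-VSA attributes and VSAs that belong to another vendor.
        if a_type != VSA_TYPE or body[:4] != struct.pack("!I", CISCO_VENDOR_ID):
            continue
        for v_type, data in tlvs(body[4:]):
            if v_type == CISCO_AV_PAIR:
                found.append(parse_av_pair(data.decode("ascii")))
    return found

# Constructed sample: a User-Name attribute between two cisco-av-pair VSAs.
SAMPLE = (encode_vsa('shell:roles="network-operator network-admin"') + bytes([1, 5])
          + b"bob" + encode_vsa('shell:roles*"network-operator"'))
```

Calling `cisco_av_pairs(SAMPLE)` returns one mandatory and one optional pair; a truncated or inconsistent length field raises `ValueError` instead of being read past the end of the buffer.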
The following VSA protocol options are supported by the Cisco Nexus 5000 Series switch:
• Shell— Used in access-accept packets to provide user profile information.
• Accounting— Used in accounting-request packets. If a value contains any white spaces, you should
enclose the value within double quotation marks.
The Nexus 5000 Series switch supports the following attributes:

Cisco Nexus 5000 Series NX-OS Security Configuration Guide, OL-20919-01
