Prerequisites For Aaa; Guidelines And Limitations For Aaa; Default Settings For Aaa - Cisco Nexus 9000 Series Configuration Manual

Prerequisites for AAA

Prerequisites for AAA
Remote AAA servers have the following prerequisites:
• Ensure that at least one RADIUS, TACACS+, or LDAP server is reachable through IP.
• Ensure that the Cisco NX-OS device is configured as a client of the AAA servers.
• Ensure that the secret key is configured on the Cisco NX-OS device and the remote AAA servers.
• Ensure that the remote server responds to AAA requests from the Cisco NX-OS device.

Guidelines and Limitations for AAA

AAA has the following guidelines and limitations:
• If you have a user account configured on the local Cisco NX-OS device that has the same name as a
• Cisco Nexus 9000 Series switches support the aaa authentication login ascii-authentication command
• If you modify the default login authentication method (without using the local keyword), the configuration
• The login block-for and login quiet-mode configuration mode commands are renamed to system login

Default Settings for AAA

This table lists the default settings for AAA parameters.
Table 4: Default AAA Parameter Settings
Parameters
Console authentication method
Default authentication method
Login authentication failure messages
CHAP authentication
MSCHAP authentication
Default accounting method
Accounting log display length
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
14
remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local
user account to the remote user, not the user roles configured on the AAA server.
only for TACACS+ (and not for RADIUS).
overrides the console login authentication method. To explicitly configure the console authentication
method, use the aaa authentication login console {group group-list [none] | local | none} command.
block-for and system login quiet-mode, respectively.
Configuring AAA
Default
local
local
Disabled
Disabled
Disabled
local
250 KB