Configuring RADIUS
• You can configure a maximum of 64 RADIUS servers on the Cisco NX-OS device.
• If you have a user account configured on the local Cisco NX-OS device that has the same name as a
• Only the RADIUS protocol supports one-time passwords.
• For N9K-X9636C-R and N9K-X9636Q-R line cards and the N9K-C9508-FM-R fabric module, RADIUS
• Cisco Nexus 9K Series switches support the CLI command, aaa authentication login ascii-authentication,
Default Settings for RADIUS
This table lists the default settings for RADIUS parameters.
Table 7: Default RADIUS Parameter Settings
Parameters
Server roles
Dead timer interval
Retransmission count
Retransmission timer interval
Authentication port
Accounting port
Idle timer interval
Periodic server monitoring username
Periodic server monitoring password
Configuring RADIUS Servers
This section describes how to configure RADIUS servers on a Cisco NX-OS device.
Note
If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might
differ from the Cisco IOS commands that you would use.
remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local
user account to the remote user, not the user roles configured on the AAA server.
authentication fails for usernames with special characters.
only for TACAAS+, but not for RADIUS. Ensure that you have disabled aaa authentication login
ascii-authentication switch so that the default authentication, PAP, is enabled. Otherwise, you will see
syslog errors.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Default Settings for RADIUS
Default
Authentication and accounting
0 minutes
1
5 seconds
1812
1813
0 minutes
test
test
43