Table of Contents
Advertisement
Guidelines and Limitations for AAA
Guidelines and Limitations for AAA
The Cisco Nexus devices do not support all numeric usernames, whether created with TACACS+ or RADIUS,
or created locally. If an all numeric username exists on an AAA server and is entered during a login, the Cisco
Nexus device still logs in the user.
If you configure the AAA login authentication default group, TACACS-SERVER-GROUP, it also overrides
the login for the console. This override occurs even if aaa authentication login console local is a default
command on the switch. To prevent this, you must configure aaa authentication login console local.
You should not create user accounts with usernames that are all numeric.
Caution
Configuring AAA
Configuring Console Login Authentication Methods
The authentication methods include the following:
• Global pool of RADIUS servers
• Named subset of RADIUS or TACACS+ servers
• Local database on the Cisco Nexus device.
• Username only none
The default method is local.
Note
The group radius and group server-name forms of the aaa authentication command are used for a
set of previously defined RADIUS servers. Use the radius server-host command to configure the host
servers. Use the aaa group server radius command to create a named group of servers.
If you configure the AAA login authentication default group, TACACS-SERVER-GROUP, it also overrides
Note
the login for the console. This override occurs even if aaa authentication login console local is a default
command on the switch. To prevent this, you must configure aaa authentication login console local.
Before you configure console login authentication methods, configure RADIUS or TACACS+ server groups
as needed.
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
12
Configuring AAA
Hide quick links:
Advertisement
Table of Contents
