Using Aaa Server Vsas; Vsas; Vsa Format; Specifying Switch User Roles And Snmpv3 Parameters On Aaa Servers - Cisco Nexus 3600 NX-OS Security Configuration Manual


Using AAA Server VSAs

VSAs

You can use vendor-specific attributes (VSAs) to specify the Cisco Nexus device user roles and SNMPv3
parameters on AAA servers.
The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating VSAs
between the network access server and the RADIUS server; the IETF reserves attribute 26 for this purpose. VSAs allow vendors
to support their own extended attributes that are not suitable for general use. The Cisco RADIUS implementation
supports one vendor-specific option using the format recommended in the specification. The Cisco vendor
ID is 9, and the supported option is vendor type 1, which is named cisco-av-pair. The value is a string with
the following format:
protocol : attribute separator value *
The protocol is a Cisco attribute for a particular type of authorization. The separator is an equal sign (=) for
mandatory attributes, and an asterisk (*) indicates optional attributes.
When you use RADIUS servers for authentication on a Cisco Nexus device, the RADIUS protocol directs
the RADIUS server to return user attributes, such as authorization information, with authentication results.
This authorization information is specified through VSAs.

VSA Format

The following VSA protocol options are supported by the Cisco Nexus device:
• Shell—Used in access-accept packets to provide user profile information.
• Accounting—Used in accounting-request packets. If a value contains any white spaces, put it within
double quotation marks.
The following attributes are supported by the Cisco Nexus device:
• roles—Lists all the roles assigned to the user. The value field is a string that stores the list of group
names delimited by white space.
• accountinginfo—Stores additional accounting information in addition to the attributes covered by a
standard RADIUS accounting protocol. This attribute is sent only in the VSA portion of the
Account-Request frames from the RADIUS client on the switch, and it can only be used with the
accounting protocol-related PDUs.

Specifying Switch User Roles and SNMPv3 Parameters on AAA Servers

You can use the VSA cisco-av-pair on AAA servers to specify user role mapping for the Cisco Nexus device
using this format:
shell:roles="roleA roleB ..."
If you do not specify the role option in the cisco-av-pair attribute, the default user role is network-operator.
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
Configuring AAA
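The following is an added example, not code from the Cisco guide, covering both the VSA format described above and the shell:roles mapping. It encodes a cisco-av-pair string as a RADIUS attribute 26 TLV (vendor ID 9, vendor type 1, as stated on the page, with the Type/Length/Vendor-Id/Vendor-Type/Vendor-Length layout from RFC 2865), decodes such attributes back out of a raw attribute list while skipping non-Cisco or non-VSA attributes, splits the protocol:attribute=value form (handling the = mandatory and * optional separators and quoted values that contain white space), and applies the documented default of network-operator when no roles option is present. The role names and the User-Name attribute in the sample input are constructed for the example; the function names are this example's own.

```python
import struct

# Values taken from the page / RFC 2865
VSA_TYPE = 26                 # RADIUS Vendor-Specific attribute type
CISCO_VENDOR_ID = 9           # Cisco vendor ID
CISCO_AV_PAIR = 1             # vendor type 1, cisco-av-pair
DEFAULT_ROLE = "network-operator"   # default when no roles option is sent


def encode_cisco_av_pair(av_pair: str) -> bytes:
    """Encode one cisco-av-pair string as a RADIUS attribute 26 TLV:
    Type(26) Length Vendor-Id(4) Vendor-Type(1) Vendor-Length value."""
    value = av_pair.encode()
    vendor_data = struct.pack("!BB", CISCO_AV_PAIR, 2 + len(value)) + value
    body = struct.pack("!I", CISCO_VENDOR_ID) + vendor_data
    if 2 + len(body) > 255:
        # a single RADIUS attribute is limited to 255 bytes including its header
        raise ValueError("cisco-av-pair too long for one attribute")
    return struct.pack("!BB", VSA_TYPE, 2 + len(body)) + body


def decode_cisco_av_pairs(raw: bytes) -> list:
    """Walk a RADIUS attribute list and return every cisco-av-pair string,
    ignoring attributes that are not VSAs or not from vendor 9."""
    pairs = []
    offset = 0
    while offset + 2 <= len(raw):
        attr_type, attr_len = raw[offset], raw[offset + 1]
        if attr_len < 2 or offset + attr_len > len(raw):
            raise ValueError("malformed attribute length")
        payload = raw[offset + 2:offset + attr_len]
        offset += attr_len
        if attr_type != VSA_TYPE or len(payload) < 6:
            continue
        if struct.unpack("!I", payload[:4])[0] != CISCO_VENDOR_ID:
            continue
        sub, pos = payload[4:], 0          # vendor data may hold several sub-attributes
        while pos + 2 <= len(sub):
            vtype, vlen = sub[pos], sub[pos + 1]
            if vlen < 2 or pos + vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if vtype == CISCO_AV_PAIR:
                pairs.append(sub[pos + 2:pos + vlen].decode(errors="replace"))
            pos += vlen
    return pairs


def parse_av_pair(av_pair: str):
    """Split 'protocol:attribute=value' (mandatory) or 'protocol:attribute*value'
    (optional). Returns (protocol, attribute, mandatory, value); surrounding
    double quotes, used when a value contains white space, are removed."""
    protocol, _, rest = av_pair.partition(":")
    if not rest:
        raise ValueError(f"no protocol separator in {av_pair!r}")
    # the first '=' or '*' after the protocol is the attribute separator
    idx = min((i for i in (rest.find("="), rest.find("*")) if i >= 0), default=-1)
    if idx < 0:
        raise ValueError(f"no attribute separator in {av_pair!r}")
    attribute, sep, value = rest[:idx], rest[idx], rest[idx + 1:]
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return protocol.strip(), attribute.strip(), sep == "=", value


def roles_from_av_pairs(av_pairs) -> list:
    """Return the white-space delimited role list from shell:roles, or the
    documented default role when the option is absent."""
    for pair in av_pairs:
        protocol, attribute, _mandatory, value = parse_av_pair(pair)
        if protocol == "shell" and attribute == "roles":
            return value.split()
    return [DEFAULT_ROLE]


# Constructed sample: a User-Name attribute (type 1) followed by a Cisco VSA
SAMPLE_ATTRS = b"\x01\x06user" + encode_cisco_av_pair('shell:roles="network-admin roleA"')

if __name__ == "__main__":
    print(roles_from_av_pairs(decode_cisco_av_pairs(SAMPLE_ATTRS)))
    print(roles_from_av_pairs([]))
```

The decoder enforces the length fields before slicing so that a truncated or malformed attribute raises instead of being silently misread, and an Access-Accept that carries no shell:roles pair resolves to network-operator exactly as the text states.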