Table of Contents
Advertisement
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Configuring RADIUS and TACACS+
The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants
access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use
Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System
Plus (TACACS+) protocols to provide solutions using remote AAA servers.
Based on the user ID and password combination provided, switches perform local authentication or
authorization using the local database or remote authentication or authorization using AAA server(s). A
preshared secret key provides security for communication between the switch and AAA servers. This
secret key can be configured for all AAA server or for only a specific AAA server. This security
mechanism provides a central management capability for AAA servers.
This chapter includes the following sections:
Switch Management Security, page 28-2
•
•
Switch AAA Functionalities, page 28-2
Configuring RADIUS, page 28-5
•
Configuring TACACS+, page 28-10
•
Configuring Server Groups, page 28-14
•
Distributing AAA Server Configuration, page 28-15
•
Local AAA Services, page 28-19
•
Authentication and Authorization Process, page 28-20
•
Configuring Accounting Services, page 28-22
•
Configuring Cisco ACS Servers, page 28-24
•
•
Default Settings, page 28-27
OL-8222-01, Cisco MDS SAN-OS Release 3.x
C H A P T E R
Cisco MDS 9000 Family CLI Configuration Guide
28
28-1
Advertisement
Table of Contents
