Using Aaa Server Vsas With Nexus 5000 Series Switches - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 16
Configuring AAA
Send feedback to nx5000-docfeedback@cisco.com

Using AAA Server VSAs with Nexus 5000 Series Switches

You can use vendor-specific attributes (VSAs) to specify the Nexus 5000 Series user roles and SNMPv3
parameters on AAA servers.
This section includes the following topics:
- About VSAs
- VSA Format
- Specifying Cisco Nexus 5000 Series Switch User Roles and SNMPv3 Parameters on AAA Servers

About VSAs

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating VSAs
between the network access server and the RADIUS server. The IETF uses attribute 26. VSAs allow
vendors to support their own extended attributes that are not suitable for general use. The Cisco RADIUS
implementation supports one vendor-specific option using the format recommended in the specification.
The Cisco vendor ID is 9, and the supported option is vendor type 1, which is named cisco-av-pair. The
value is a string with the following format:
protocol : attribute separator value *
The protocol is a Cisco attribute for a particular type of authorization, the separator is an equal sign (=) for
mandatory attributes, and an asterisk (*) indicates optional attributes.
When you use RADIUS servers for authentication on a Nexus 5000 Series switch, the RADIUS protocol
directs the RADIUS server to return user attributes, such as authorization information, along with
authentication results. This authorization information is specified through VSAs.

VSA Format

The following VSA protocol options are supported by the Nexus 5000 Series switches:
- Shell—Used in access-accept packets to provide user profile information.
- Accounting—Used in accounting-request packets. If a value contains any white spaces, put it within
  double quotation marks.
The following attributes are supported by the Nexus 5000 Series switches:
- roles—Lists all the roles assigned to the user. The value field is a string that stores the list of group
  names delimited by white space.
- accountinginfo—Stores additional accounting information in addition to the attributes covered by a
  standard RADIUS accounting protocol. This attribute is sent only in the VSA portion of the
  Account-Request frames from the RADIUS client on the switch, and it can only be used with the
  accounting protocol-related PDUs.

Specifying Cisco Nexus 5000 Series Switch User Roles and SNMPv3 Parameters on AAA Servers

You can use the VSA cisco-av-pair on AAA servers to specify user role mapping for the Nexus 5000
Series switch using this format:
shell:roles="roleA roleB ..."
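As an added illustration (not code from the Cisco guide), this Python example encodes and decodes the attribute 26 / vendor ID 9 / vendor type 1 layout described above and extracts the shell:roles list, which helps when auditing which roles an AAA server actually returns. The function names and sample role names are assumptions; the type/length byte layout is the standard RADIUS attribute encoding (RFC 2865), and only the first vendor sub-attribute of each attribute 26 is read.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute number used for VSAs
CISCO_VENDOR_ID = 9    # Cisco vendor ID
CISCO_AV_PAIR = 1      # vendor type 1, cisco-av-pair

def encode_cisco_avpair(text):
    """Wrap one cisco-av-pair string in a RADIUS attribute 26."""
    data = text.encode("ascii")
    body = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AV_PAIR, len(data) + 2) + data
    if len(body) + 2 > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def decode_cisco_avpairs(attrs):
    """Walk type/length/value attributes; return the cisco-av-pair strings."""
    pairs, i = [], 0
    while i < len(attrs):
        alen = attrs[i + 1] if i + 1 < len(attrs) else 0
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        value = attrs[i + 2:i + alen]
        if attrs[i] == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AV_PAIR):
                if vlen < 2 or 4 + vlen > len(value):
                    raise ValueError("malformed VSA at offset %d" % i)
                pairs.append(value[6:4 + vlen].decode("ascii"))
        i += alen
    return pairs

def parse_avpair(text):
    """Return (protocol, attribute, mandatory, value) for one av-pair."""
    protocol, colon, rest = text.partition(":")
    cut = min((p for p in (rest.find("="), rest.find("*")) if p > 0), default=0)
    if not (protocol and colon and cut):
        raise ValueError("not a cisco-av-pair: %r" % text)
    value = rest[cut + 1:]
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]   # quotes wrap values that contain white space
    return protocol, rest[:cut], rest[cut] == "=", value

def shell_roles(attrs):
    """Roles granted by shell:roles av-pairs in a RADIUS attribute list."""
    parsed = [parse_avpair(p) for p in decode_cisco_avpairs(attrs)]
    return [role for proto, attr, _, val in parsed
            if (proto, attr) == ("shell", "roles") for role in val.split()]

if __name__ == "__main__":  # constructed sample attribute, not captured traffic
    print(shell_roles(encode_cisco_avpair('shell:roles="roleA roleB"')))
```

Comparing the output of `shell_roles` against the roles a user is expected to hold is a quick least-privilege check on the AAA server's configuration.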