Chapter 17 Configuring RADIUS; RADIUS Operation - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Information About RADIUS

You can use RADIUS in the following network environments that require access security:

• Networks with multiple-vendor network devices, each supporting RADIUS.
  For example, network devices from several vendors can use a single RADIUS server-based security database.
• Networks already using RADIUS.
  You can add a Nexus 5000 Series switch with RADIUS to the network. This action might be the first step when you make a transition to a AAA server.
• Networks that require resource accounting.
  You can use RADIUS accounting independent of RADIUS authentication or authorization. The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session. An Internet service provider (ISP) might use a freeware-based version of the RADIUS access control and accounting software to meet special security and billing needs.
• Networks that support authentication profiles.
  Using the RADIUS server in your network, you can configure AAA authentication and set up per-user profiles. Per-user profiles enable the Nexus 5000 Series switch to better manage ports using their existing RADIUS solutions and to efficiently manage shared resources to offer different service-level agreements.

RADIUS Operation

When a user attempts to log in and authenticate to a Nexus 5000 Series switch using RADIUS, the following process occurs:

1. The user is prompted for and enters a username and password.
2. The username and encrypted password are sent over the network to the RADIUS server.
3. The user receives one of the following responses from the RADIUS server:
   • ACCEPT—The user is authenticated.
   • REJECT—The user is not authenticated and is prompted to reenter the username and password, or access is denied.
   • CHALLENGE—A challenge is issued by the RADIUS server. The challenge collects additional data from the user.
   • CHANGE PASSWORD—A request is issued by the RADIUS server, asking the user to select a new password.

The ACCEPT or REJECT response is bundled with additional data that is used for EXEC or network authorization. You must first complete RADIUS authentication before using RADIUS authorization.

The additional data included with the ACCEPT or REJECT packets consists of the following:

• Services that the user can access, including Telnet, rlogin, or local-area transport (LAT) connections, and Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), or EXEC services.
• Connection parameters, including the host or client IPv4 or IPv6 address, access list, and user timeouts.
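
The step in which the username and encrypted password are sent to the RADIUS server, and the ACCEPT, REJECT or CHALLENGE reply that comes back, can be followed on the wire with the added example below. It is written from RFC 2865 and is not code from the Cisco guide or from NX-OS; the function names, shared secret, identifier and credentials are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RFC 2865 packet codes for the three standard responses named above.
RESPONSES = {2: "ACCEPT", 3: "REJECT", 11: "CHALLENGE"}

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 sec. 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(ident, user, password, secret, req_auth):
    """Switch (client) side: Access-Request with User-Name and User-Password."""
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def build_response(code, ident, req_auth, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def check_response(packet, ident, req_auth, secret):
    """Client side: accept a response only if length, ID and authenticator match."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or rid != ident:
        raise ValueError("length or identifier mismatch")
    want = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(want, packet[4:20]):
        raise ValueError("bad Response Authenticator (wrong secret or tampering)")
    return RESPONSES.get(code, "UNKNOWN(%d)" % code)

if __name__ == "__main__":
    # Constructed sample values; a real client draws req_auth from os.urandom(16).
    secret, ra = b"constructed-shared-secret", bytes(range(16))
    req = build_access_request(7, b"admin", b"s3cret", secret, ra)
    print(req.hex())
    print(check_response(build_response(2, 7, ra, secret), 7, ra, secret))
```

Only the password is hidden; the username travels in clear text. Both the password hiding and the response check rest entirely on the shared secret, so it should be long and random.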
