Switch Management Security - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Configuring RADIUS and TACACS+
The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access
to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use RADIUS
and TACACS+ protocols to provide solutions using remote AAA servers.
Based on the user ID and password combination provided, switches perform local authentication or
authorization using the local database or remote authentication or authorization using a AAA server. A
preshared secret key provides security for communication between the switch and AAA servers. This
secret key can be configured for all AAA servers or for only a specific AAA server. This security feature
provides a central management capability for AAA servers.
This chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•
•

Switch Management Security

Management security in any switch in the Cisco MDS 9000 Family provides security to all management
access methods, including the command-line interface (CLI) or Simple Network Management Protocol
(SNMP).
•
OL-18084-01, Cisco MDS NX-OS Release 4.x
Switch Management Security, page 34-1
Switch AAA Functionalities, page 34-2
Configuring RADIUS, page 34-8
Configuring TACACS+, page 34-17
Configuring Server Groups, page 34-27
AAA Server Distribution, page 34-30
MSCHAP Authentication, page 34-34
Local AAA Services, page 34-35
Configuring Accounting Services, page 34-36
Configuring Cisco Access Control Servers, page 34-38
Default Settings, page 34-41
CLI Security Options, page 34-2
C H A P T E R
Cisco MDS 9000 Family CLI Configuration Guide
34
34-1