Configuring RADIUS and TACACS+
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
When you are successfully authenticated through a remote AAA server, then the following possible
actions are taken:
If the AAA server protocol is RADIUS, then user roles specified in the cisco-av-pair attribute are
downloaded with an authentication response.
If the AAA server protocol is TACACS+, then another request is sent to the same server to get the
user roles specified as custom attributes for the shell.
If user roles are not successfully retrieved from the remote AAA server, then the user is assigned the
When your user name and password are successfully authenticated locally, you are allowed to log in, and
you are assigned the roles configured in the local database.
OL-16184-01, Cisco MDS SAN-OS Release 3.x
shows a flow chart of the authorization and authentication process.
Switch Authorization and Authentication Flow
Cisco MDS 9000 Family CLI Configuration Guide
Switch AAA Functionalities