Radius Server Monitoring; Vendor-Specific Attributes - Cisco Nexus 3600 NX-OS Security Configuration Manual

Configuring RADIUS

RADIUS Server Monitoring

An unresponsive RADIUS server can delay the processing of AAA requests. To save time in processing
AAA requests, you can configure the switch to periodically monitor a RADIUS server and check whether
it is responding (alive). The switch marks unresponsive RADIUS servers as dead and does not send AAA
requests to any dead RADIUS servers. The switch periodically monitors the dead RADIUS servers and returns
them to the alive state once they respond. This process verifies that a RADIUS server is in a working state
before real AAA requests are sent to it. Whenever a RADIUS server changes to the dead or alive
state, a Simple Network Management Protocol (SNMP) trap is generated and the switch displays an error
message that a failure is taking place.
The following figure shows the different RADIUS server states:
Figure 2: RADIUS Server States
The monitoring intervals for alive servers and dead servers are different and can be configured by the user.
Note: RADIUS server monitoring is performed by sending a test authentication request to the RADIUS
server.

Vendor-Specific Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating
vendor-specific attributes (VSAs) between the network access server and the RADIUS server. The IETF uses
attribute 26. VSAs allow vendors to support their own extended attributes that are not suitable for general
use. The Cisco RADIUS implementation supports one vendor-specific option using the format recommended
in the specification. The Cisco vendor ID is 9, and the supported option is vendor type 1, which is named
cisco-av-pair. The value is a string with the following format:
protocol : attribute separator value *
The protocol is a Cisco attribute for a particular type of authorization, the separator is an equal sign (=) for
mandatory attributes, and an asterisk (*) indicates optional attributes.
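
The following is an added example, not code from the Cisco guide: a Python decoder for attribute 26 that accepts only vendor ID 9, vendor type 1, and splits each cisco-av-pair into protocol, attribute, separator and value, rejecting malformed lengths. It assumes the RFC 2865 sub-attribute layout (vendor type, vendor length, data); the function names are hypothetical and the sample value shell:roles=network-admin is constructed.

```python
import re
import struct
from typing import NamedTuple

VSA_TYPE = 26          # RADIUS Vendor-Specific attribute
CISCO_VENDOR_ID = 9
CISCO_AV_PAIR = 1      # vendor type 1, cisco-av-pair

class AvPair(NamedTuple):
    protocol: str
    attribute: str
    mandatory: bool    # True for '=', False for '*'
    value: str

def parse_av_pair(text):
    """Split 'protocol:attribute<sep>value', where sep is '=' or '*'."""
    protocol, colon, rest = text.partition(":")
    sep = re.search(r"[=*]", rest)   # first '=' or '*' after the colon
    if not colon or not protocol.strip() or sep is None or not rest[:sep.start()].strip():
        raise ValueError("malformed cisco-av-pair: %r" % text)
    return AvPair(protocol.strip(), rest[:sep.start()].strip(),
                  sep.group() == "=", rest[sep.end():].strip())

def decode_cisco_vsa(attr):
    """Decode one attribute-26 TLV and return the cisco-av-pairs it carries."""
    if len(attr) < 6 or attr[0] != VSA_TYPE or attr[1] != len(attr):
        raise ValueError("not a well-formed attribute 26")
    (vendor_id,) = struct.unpack("!I", attr[2:6])
    if vendor_id != CISCO_VENDOR_ID:
        return []                    # another vendor's VSA
    pairs, body = [], attr[6:]
    while body:
        # Each sub-attribute: vendor type, vendor length (incl. 2-byte header), data
        if len(body) < 2 or not 2 <= body[1] <= len(body):
            raise ValueError("bad vendor sub-attribute length")
        vtype, vlen = body[0], body[1]
        if vtype == CISCO_AV_PAIR:
            pairs.append(parse_av_pair(body[2:vlen].decode("ascii")))
        body = body[vlen:]
    return pairs

def encode_cisco_vsa(text):
    """Build an attribute-26 TLV holding one cisco-av-pair (for the sample)."""
    sub = bytes([CISCO_AV_PAIR, 2 + len(text)]) + text.encode("ascii")
    return bytes([VSA_TYPE, 6 + len(sub)]) + struct.pack("!I", CISCO_VENDOR_ID) + sub

# Constructed sample value, not taken from the guide.
SAMPLE = encode_cisco_vsa("shell:roles=network-admin")

if __name__ == "__main__":
    print(SAMPLE.hex(), decode_cisco_vsa(SAMPLE))
```

Because the separator decides whether an attribute is mandatory or optional, the decoder keeps it as a boolean instead of discarding it.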
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
