AAA Server Monitoring
To view the current display status, use the show aaa authentication login error-enable command (see the
following example).
Displays AAA Authentication Login Information
switch# show aaa authentication login error-enable enabled
AAA Server Monitoring
An unresponsive AAA server introduces a delay in the processing of AAA requests. An MDS switch can
periodically monitor an AAA server to check whether it is responding (or alive) to save time in processing
AAA requests. The MDS switch marks unresponsive AAA servers as dead and does not send AAA requests
to any dead AAA servers. An MDS switch periodically monitors dead AAA servers and brings them to the
alive state once they are responding. This monitoring process verifies that an AAA server is in a working state
before real AAA requests are sent its way. Whenever an AAA server changes to the dead or alive state, an
SNMP trap is generated and the MDS switch warns the administrator that a failure is taking place before it
can impact performance. See
Figure 2: AAA Server States
Note
The monitoring interval for alive servers and dead servers is different and can be configured by the user. The
AAA server monitoring is performed by sending a test authentication request to the AAA server.
The user name and password to be used in the test packet can be configured.
See the
Details, on page 64
Authentication and Authorization Process
Authentication is the process of verifying the identity of the person managing the switch. This identity
verification is based on the user ID and password combination provided by the person managing the switch.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
34
Figure 2: AAA Server States, on page 34
Configuring RADIUS Server Monitoring Parameters, on page 54
sections.
Configuring Security Features on an External AAA Server
for AAA server states.
and
Displaying RADIUS Server