Authentication And Authorization Process - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Fabric manager configuration guide, release 4.x

Switch AAA
Send documentation comments to mds-feedback-doc@cisco.com

Authentication and Authorization Process

Authentication is the process of verifying the identity of the person managing the switch. This identity
verification is based on the user ID and password combination provided by the person managing the
switch. The Cisco MDS 9000 Family switches allow you to perform local authentication (using the
lookup database) or remote authentication (using one or more RADIUS servers or TACACS+ servers).
The following steps explain the authorization and authentication process:

Step 1 Log in to the required switch in the Cisco MDS 9000 Family, using the Telnet, SSH, Fabric Manager/Device Manager, or console login options.

Step 2 When you have configured server groups using the server group authentication method, an authentication request is sent to the first AAA server in the group.
- If the AAA server fails to respond, then the next AAA server is contacted and so on until the remote server responds to the authentication request.
- If all AAA servers in the server group fail to respond, then the servers in the next server group are contacted.
- If all configured methods fail, then the local database is used for authentication.

Step 3 When you are successfully authenticated through a remote AAA server, then the following possible actions are taken:
- If the AAA server protocol is RADIUS, then user roles specified in the cisco-av-pair attribute are downloaded with an authentication response.
- If the AAA server protocol is TACACS+, then another request is sent to the same server to get the user roles specified as custom attributes for the shell.
- If user roles are not successfully retrieved from the remote AAA server, then the user is assigned the network-operator role.

Step 4 When your user name and password are successfully authenticated locally, you are allowed to log in, and you are assigned the roles configured in the local database.

Figure 41-2 shows a flow chart of the authorization and authentication process.

Cisco MDS 9000 Family Fabric Manager Configuration Guide
41-6
Chapter 41 Configuring RADIUS and TACACS+
OL-17256-03, Cisco MDS NX-OS Release 4.x
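The server-group fallback and role-retrieval logic of Steps 2 and 3 above, modelled as an added Python example; this is not code from the Cisco guide or from NX-OS. The server table, user names and passwords are constructed, and the cisco-av-pair value format shell:roles="..." is an assumption not stated on this page.

```python
from dataclasses import dataclass, field
NETWORK_OPERATOR = "network-operator"   # role assigned when none is retrieved

@dataclass
class AAAServer:
    protocol: str              # "radius" or "tacacs+"
    reachable: bool = True     # False simulates a server that never responds
    users: dict = field(default_factory=dict)  # user -> (password, attributes)

    def authenticate(self, user, pw):   # None models "no response"
        if not self.reachable:
            return None
        entry = self.users.get(user)
        if entry is None or entry[0] != pw:
            return {"ok": False}
        # RADIUS delivers the roles in cisco-av-pair with the accept itself
        avp = entry[1].get("cisco-av-pair") if self.protocol == "radius" else None
        return {"ok": True, "cisco-av-pair": avp}

    def get_shell_roles(self, user):    # second TACACS+ request: shell attributes
        return self.users[user][1].get("roles") if self.reachable else None

def parse_roles(server, user, reply):
    """Roles from the remote reply, or network-operator when none are retrieved."""
    if server.protocol == "radius":
        avp = reply.get("cisco-av-pair") or ""
        prefix = 'shell:roles="'          # assumed cisco-av-pair value format
        roles = avp[len(prefix):].rstrip('"').split() if avp.startswith(prefix) else []
    else:
        roles = (server.get_shell_roles(user) or "").split()
    return roles or [NETWORK_OPERATOR]

def login(user, pw, server_groups, local_db):
    """Walk groups in order, each server until one responds; local only if none does."""
    for group in server_groups:
        for server in group:
            reply = server.authenticate(user, pw)
            if reply is None:
                continue                      # no response: try the next server
            if not reply["ok"]:
                return (False, [])            # explicit reject ends the attempt
            return (True, parse_roles(server, user, reply))
    entry = local_db.get(user)
    return (True, list(entry[1])) if entry and entry[0] == pw else (False, [])
# Constructed sample fabric: group 1 is a silent RADIUS server, group 2 a TACACS+ server.
SAMPLE_GROUPS = [
    [AAAServer("radius", reachable=False)],
    [AAAServer("tacacs+", users={"alice": ("pw1", {"roles": "network-admin vsan-admin"})})],
]
SAMPLE_LOCAL = {"bob": ("pw2", ["network-admin"])}
```

Note that a reachable server that rejects the user ends the attempt; the local database is consulted only when no remote server in any group responds.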
