Specifications
9-11
Cisco SN 5428-2 Storage Router Software Configuration Guide
78-15471-01
Chapter 9 Configuring Authentication
Configuring AAA Authentication Services
Configuring AAA Authentication Services
Configuring AAA authentication services consists of setting the appropriate parameters for the various
service options that can be used by the storage router. The storage router can use any or all of the
supported services:
• RADIUS
• TACACS+
• Local username database
• Enable
• Monitor
Use the procedures that follow to configure the storage router to use each of these services.
Note See the iSCSI driver readme file for details on configuring CHAP user names and passwords for iSCSI
authentication.
RADIUS Servers
Use the commands in the following procedure to configure RADIUS authentication services.
Command Description
Step 1
enable Enter Administrator mode.
Step 2
radius-server host 10.6.0.53 Specify the RADIUS server to be used for AAA authentication.
For example, specify the RADIUS server at 10.6.0.53 for use by
the storage router.
Because no port is specified, the authentication requests use the
default UDP port 1645. Global timeout and retransmit values are
also used.
See Chapter 12, “Command Line Interface Reference,” for more
information about the radius-server host command.
Step 3
radius-server host 10.6.0.73
radius-server host 10.5.0.61
Specify additional RADIUS servers. For example, specify the
RADIUS servers at 10.6.0.73 and 10.5.0.61 as the second and third
RADIUS server to be used for AAA authentication.
RADIUS servers are accessed in the order in which they are
defined (or for a specified server group, in the order they are
defined in the group).
Step 4
radius-server key rad123SN Configure the global authentication and encryption key to be used
for all RADIUS communications between the SN 5428-2 and the
RADIUS daemon. For example, set the key to rad123SN.
This key must match the key used on the RADIUS daemon.