Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipment5428 - SN Router
12345678910
12-6
Cisco SN 5428-2 Storage Router Software Configuration Guide
78-15471-01
Chapter 12 Command Line Interface Reference
aaa authentication iscsi
In a cluster environment, AAA management functions are handled by a single storage router. To
determine which storage router is performing AAA management functions, issue the show cluster
command. If you issue the aaa authentication iscsi command from a storage router that is not
performing AAA management functions, the CLI displays an informational message with the name of
the node that is currently handling those functions.
In Table 12-2, the group radius and group tacacs+ methods refer to all previously defined RADIUS or
TACACS+ servers; the group name method refers to a group of one or more RADIUS or TACACS+
servers. Use the radius-server host and tacacs-server host commands to configure the servers, and the
aaa group server radius and aaa group server tacacs+ commands to create server groups.
Note A named server group must be defined to be used as an authentication method. However, verification of
server groups occurs only at runtime. If a server group is not defined, the authentication process
generates error messages and the server group is skipped. This could cause unexpected authentication
failures.
If the local authentication service is selected, the user name validation is not case-sensitive. If local-case
authentication service is selected, the user name validation is case-sensitive. The password validation for
both the local service and the local-case service is case-sensitive.
Examples The following example creates a new AAA authentication list named webtest and enables iSCSI
authentication for the SCSI routing instance named myCompanyWebserver2, using the webtest
authentication list. When iSCSI authentication is required, AAA first tries to use the local username
database for authentication. If no match is found, AAA attempts to contact a TACACS+ server. If no
server is found, AAA returns an error and the IP host is allowed access with no authentication.
[SN5428-2A]# aaa authentication iscsi webtest local group tacacs+ none
[SN5428-2A]# scsirouter myCompanyWebserver2 authentication webtest
Table 12-2 aaa authentication iscsi services
Keyword Description
group name Uses a named group of defined RADIUS or TACACS+ servers for
authentication.
group radius Uses the list of all RADIUS servers for authentication.
group tacacs+ Uses the list of all TACACS+ servers for authentication.
local Uses the local username database for authentication.
local-case Uses case-sensitive local username authentication.
none Uses no authentication.