Cisco Nexus 5000 Series Switch CLI Software Configuration Guide (OL-16597-01, July 2009)

ManualsBrandsHP ManualsStorageCisco Nexus 5010 with FCoE Storage Services License Converged Network Switch

281

282

283

284

285

286

287

288

289

290

PurposeCommand or Action

(Optional)

Copies the running configuration to the startup

configuration.

switch# copy running-config

startup-config

Step 5

Enabling MSCHAP Authentication

Microsoft Challenge Handshake Authentication Protocol (MSCHAP) is the Microsoft version of CHAP. You

can use MSCHAP for user logins to a Cisco Nexus 5000 Series switch through a remote authentication server

(RADIUS or TACACS+).

By default, the Cisco Nexus 5000 Series switch uses Password Authentication Protocol (PAP) authentication

between the switch and the remote server. If you enable MSCHAP, you need to configure your RADIUS

server to recognize the MSCHAP vendor-specific attributes (VSAs).

The following table describes the RADIUS VSAs required for MSCHAP.

Table 23: MSCHAP RADIUS VSAs

DescriptionVSAVendor-Type NumberVendor-ID Number

Contains the challenge

sent by an AAA server to

MSCHAP-Challenge11311

an MSCHAP user. It can

be used in both

Access-Request and

Access-Challenge

packets.

Contains the response

value provided by an

MSCHAP-Response11211

MSCHAP user in

response to the challenge.

It is only used in

Access-Request packets.

To enable MSCHAP authentication, perform this task:

Procedure

PurposeCommand or Action

Enters configuration mode.switch# configure terminal

Step 1

Enables MS-CHAP authentication. The default

is disabled.

switch(config)# aaa authentication login

mschap enable

Step 2

Exits configuration mode.switch(config)# exit

Step 3

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide

OL-16597-01 235

Configuring AAA

Enabling MSCHAP Authentication