Cisco Nexus 5000 Series Switch CLI Software Configuration Guide (OL-16597-01, July 2009)
Table 22: AAA Authentication Methods for AAA Services

AAA Service                          AAA Methods
-----------------------------------  ------------------------------
Console login authentication         Server groups, local, and none
User login authentication            Server groups, local, and none
User management session accounting   Server groups and local
Note: For console login authentication, user login authentication, and user management session accounting, the
Cisco Nexus 5000 Series switches try each option in the order specified. The local option is the default
method when other configured options fail.

Authentication and Authorization Process for User Login
The figure below shows a flowchart of the authentication and authorization process for user login. The
following process occurs:
• When you log in to the required Cisco Nexus 5000 Series switch, you can use the Telnet, SSH, Fabric
Manager or Device Manager, or console login options.
• When you have configured the AAA server groups using the server group authentication method, the
Cisco Nexus 5000 Series switch sends an authentication request to the first AAA server in the group as
follows:
  ◦ If the AAA server fails to respond, then the next AAA server is tried and so on until the remote server
    responds to the authentication request.
  ◦ If all AAA servers in the server group fail to respond, then the servers in the next server group are tried.
  ◦ If all configured methods fail, then the local database is used for authentication.
• If the Cisco Nexus 5000 Series switches successfully authenticate you through a remote AAA server,
then the following possibilities apply:
  ◦ If the AAA server protocol is RADIUS, then user roles specified in the cisco-av-pair attribute are
    downloaded with an authentication response.
  ◦ If the AAA server protocol is TACACS+, then another request is sent to the same server to get the user
    roles specified as custom attributes for the shell.
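
The fallback order described above, modeled as an added Python example (not code from the Cisco guide). The server names, users, passwords and attribute strings are constructed, and treating a reject from a responding server as final is an assumption drawn from "until the remote server responds".

```python
import hmac
import re

# Constructed sample data: server names, users, passwords and attribute strings are made up.
SERVERS = {
    "rad1": {"up": False},
    "rad2": {"up": True, "users": {"alice": ("pw-a", 'shell:roles="network-admin"')}},
    "tac1": {"up": True, "users": {"bob": ("pw-b", 'roles="network-operator"')}},
}
LOCAL_DB = {"admin": ("pw-local", ["network-admin"])}

def parse_roles(attr):
    """Pull role names out of an attribute value such as shell:roles="a b"."""
    m = re.search(r'roles[=*]"([^"]*)"', attr)
    return m.group(1).split() if m else []

def query(server, user, password=None):
    """Stand-in for one AAA request; None means the server did not respond."""
    s = SERVERS[server]
    if not s["up"]:
        return None
    pw, attr = s["users"].get(user, (None, ""))
    # password=None models the follow-up role request after a successful login.
    ok = password is None or (pw is not None and hmac.compare_digest(pw, password))
    return {"accept": ok, "attr": attr if ok else ""}

def login(groups, user, password):
    """Return (source, roles) on success, None when the login is denied."""
    for protocol, servers in groups:            # server groups in configured order
        for server in servers:                  # servers within a group, in order
            reply = query(server, user, password)
            if reply is None:
                continue                        # no response: try the next server
            if not reply["accept"]:
                return None                     # assumption: a reject from a live server is final
            if protocol == "tacacs+":
                # TACACS+: second request to the same server to fetch the roles
                reply = query(server, user) or {"attr": ""}
            return server, parse_roles(reply["attr"])
    # No remote server responded: fall back to the local database.
    pw, roles = LOCAL_DB.get(user, (None, []))
    if pw is not None and hmac.compare_digest(pw, password):
        return "local", roles
    return None
```

In this model the local account only becomes usable once every remote server is unreachable, which is why local credentials on the switch need the same care as the accounts held on the AAA servers.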