Configuring Security Features on an External AAA Server

Configuring Security Features on an External AAA Server

The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use Remote Access Dial-In User Service (RADIUS) or Terminal Access Controller Access Control device Plus (TACACS+) protocols to provide solutions using remote AAA servers.

Based on the user ID and password combination provided, switches perform local authentication or authorization using the local database or remote authentication or authorization using a AAA server. A preshared secret key provides security for communication between the switch and AAA servers. This secret key can be configured for all AAA servers or for only a specific AAA server. This security feature provides a central management capability for AAA servers.

This chapter includes the following topics:

Information About Switch Management Security

Guidelines and Limitations

Default Settings

Configuring the RADIUS, TACACS+, and LDAP Server

Verifying RADIUS and TACACS+ Configuration

Feature History for RADIUS, TACACS+, and LDAP

Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.