Configuring the RADIUS, TACACS+, and LDAP Server
Cisco MDS 9000 Family switches can use the RADIUS protocol to communicate with remote AAA servers. You can configure multiple RADIUS servers and server groups and set timeout and retry counts.
RADIUS is a distributed client/server protocol that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco MDS 9000 Family switches and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.
This section defines the RADIUS operation, identifies its network environments, and describes its configuration possibilities.
A Cisco MDS switch uses the Terminal Access Controller Access Control System Plus (TACACS+) protocol to communicate with remote AAA servers. You can configure multiple TACACS+ servers and set timeout values.
This section includes the following topics:
- Authorizing and Authenticating the Switch
- Configuring Fallback Mechanism for Authentication
- Configuring the Default RADIUS Server Encryption Type and Preshared Key
- Setting the Default RADIUS Server Timeout Interval and Retransmits
- Configuring an LDAP Server
- Validating a RADIUS Server
- Allowing Users to Specify a RADIUS Server at Login
- Setting the Default TACACS+ Server Encryption Type and Preshared Key
- Setting the Default TACACS+ Server Timeout Interval and Retransmits
- Configuring a TACACS+ Server
- Allowing Users to Specify a TACACS+ Server at Login
- Configuring Server Groups
- Enabling AAA Server Distribution
- Committing the Distribution
- Discarding the Distribution Session
- Clearing Sessions
- Enabling MSCHAP Authentication
- Configuring Cisco Access Control Servers
Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.