CHAPTER
Send documentation comments to mdsfeedback-doc@cisco.com
17-1
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
17
Troubleshooting RADIUS and TACACS+
The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants
access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use
the Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control
System Plus (TACACS+) protocols to provide solutions using remote AAA servers.
This chapter includes the following sections:
• AAA Overview, page 17-1
• Initial Troubleshooting Checklist, page 17-1
• AAA Issues, page 17-2
• Troubleshooting RADIUS and TACACS+ With Cisco ACS, page 17-11
AAA Overview
Based on the user ID and password combination provided, switches perform local authentication or
authorization using the local database or remote authentication or authorization using AAA server(s). A
preshared secret key provides security for communication between the switch and AAA servers. This
secret key can be configured as a global key for all AAA servers or on a per AAA server basis. This
security mechanism provides a central management capability for AAA servers.
Note Users authenticated through a remote AAA server cannot create jobs using the command scheduler.
Initial Troubleshooting Checklist
Begin troubleshooting AAA issues by checking the following issues:
Checklist Check off
Use the test aaa server CLI command to verify connectivity to your AAA server.
Verify that you have assigned appropriate attributes on your AAA server for user roles.
Verify that the preshared key is the same on both the switch and the AAA server.
Verify that you have no all-numeric users or passwords configured.
To Next Page
Loading...
Need help?
General