Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 41 Configuring RADIUS and TACACS+
About Custom Attributes for Roles
Cisco MDS 9000 Family switches use the TACACS+ custom attribute for service shells to configure
roles to which a user belongs. TACACS+ attributes are specified in name=value format. The attribute
name for this custom attribute is cisco-av-pair. The following example illustrates how to specify roles
using this attribute:
cisco-av-pair=shell:roles="network-admin vsan-admin"
You can also configure the custom attribute as optional, to avoid conflicts with non-MDS Cisco switches
that use the same AAA servers. In TACACS+ attribute syntax, a name=value pair is mandatory and a
name*value pair is optional, so the optional form is written with an asterisk as the separator:
cisco-av-pair*shell:roles="network-admin vsan-admin"
The shell:roles attribute is also supported on its own, without the cisco-av-pair wrapper, in either the
mandatory or the optional form:
shell:roles="network-admin vsan-admin"
or
shell:roles*"network-admin vsan-admin"
Note: TACACS+ custom attributes can be defined on an Access Control Server (ACS) for various services (for
example, shell). Cisco MDS 9000 Family switches require the TACACS+ custom attribute for the service
shell to be used for defining roles.
Supported TACACS+ Servers
The Cisco NX-OS software currently supports the following parameters for the listed TACACS+ servers:
• TACACS+
cisco-av-pair=shell:roles="network-admin"
• Cisco ACS TACACS+
shell:roles="network-admin"
shell:roles*"network-admin"
cisco-av-pair*shell:roles="network-admin"
cisco-av-pair*shell:roles*"network-admin"
cisco-av-pair=shell:roles*"network-admin"
• Open TACACS+
cisco-av-pair*shell:roles="network-admin"
cisco-av-pair=shell:roles*"network-admin"
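As an added illustration of the attribute formats listed in the two sections above (this is example code written for this page, not Cisco software or any part of NX-OS), the following parser splits a TACACS+ attribute-value pair at its first = or * separator, records whether the attribute was mandatory or optional, unwraps the cisco-av-pair form, and returns the role names carried by shell:roles. The helper names (parse_av_pair, extract_roles, unknown_roles) and the sample attribute strings are constructed for this example; the separator semantics (= mandatory, * optional) are those of the TACACS+ protocol.

```python
import re
from dataclasses import dataclass

# Hypothetical helpers written for this page; not part of NX-OS or ACS.
# A TACACS+ attribute-value pair is name=value (mandatory) or name*value
# (optional). The value may be quoted, and for cisco-av-pair the value is
# itself another attribute-value pair (shell:roles=... or shell:roles*...).


@dataclass(frozen=True)
class AvPair:
    name: str
    value: str
    optional: bool  # True when the separator was '*', False for '='


# The attribute name runs up to the first '=' or '*'; everything after
# the separator is the raw value (which may itself contain '=' or '*').
_PAIR_RE = re.compile(r"^([^=*]+)([=*])(.*)$", re.DOTALL)


def parse_av_pair(text: str) -> AvPair:
    """Split one attribute-value pair at its first '=' or '*' separator."""
    match = _PAIR_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a TACACS+ attribute-value pair: {text!r}")
    name, sep, value = match.groups()
    return AvPair(name=name, value=value, optional=(sep == "*"))


def _unquote(value: str) -> str:
    """Strip one layer of matching double or single quotes, if present."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in ('"', "'"):
        return value[1:-1]
    return value


def extract_roles(text: str) -> list[str]:
    """Return the role names carried by a shell:roles attribute.

    Accepts the bare form (shell:roles="...") and the wrapped form
    (cisco-av-pair=shell:roles="..."); at each level the separator may be
    '=' or '*', covering every variant listed for the supported servers.
    Any other attribute yields an empty list.
    """
    pair = parse_av_pair(text)
    if pair.name == "cisco-av-pair":
        pair = parse_av_pair(pair.value)
    if pair.name != "shell:roles":
        return []
    return _unquote(pair.value).split()


def unknown_roles(text: str, known_roles: set[str]) -> list[str]:
    """Roles named in the attribute that are not in the switch's role set.

    Useful when reviewing a server-side profile: a role the switch does not
    define grants nothing, so a typo here silently leaves a user under-
    or mis-privileged.
    """
    return [r for r in extract_roles(text) if r not in known_roles]


if __name__ == "__main__":
    # Constructed sample attribute strings in the formats shown on this page.
    samples = [
        'cisco-av-pair=shell:roles="network-admin vsan-admin"',
        'cisco-av-pair*shell:roles="network-admin vsan-admin"',
        'shell:roles="network-admin"',
        'shell:roles*"network-admin"',
        'cisco-av-pair*shell:roles*"network-admin"',
        "priv-lvl=15",  # unrelated attribute: no roles
    ]
    for sample in samples:
        pair = parse_av_pair(sample)
        kind = "optional" if pair.optional else "mandatory"
        print(f"{sample:55} {kind:9} roles={extract_roles(sample)}")
```

Because the name is cut at the first separator, the nested pair inside cisco-av-pair keeps its own separator intact, so the mixed forms (cisco-av-pair*shell:roles= and cisco-av-pair=shell:roles*) parse the same way as the uniform ones.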
Server Groups
You can specify one or more remote AAA servers to authenticate users using server groups. All members
of a group must belong to the same protocol, either RADIUS or TACACS+. The servers are tried in the
same order in which you configure them.
The AAA server monitoring feature can mark an AAA server as dead. You can configure a period of time
in minutes to elapse before the switch sends requests to a dead AAA server. (See the "AAA Server
Monitoring" section on page 41-5.)