PurposeCommand or Action
Configures the default AAA authorization method for the
LDAP servers.
aaa authorization {ssh-certificate | ssh-publickey}
default {group group-list | local}
Step 2
Example:
The ssh-certificate keyword configures LDAP or local
authorization with certificate authentication, and the
switch(config)# aaa authorization ssh-certificate
default group LDAPServer1 LDAPServer2
ssh-publickey keyword configures LDAP or local
authorization with the SSH public key. The default
authorization is local authorization, which is the list of
authorized commands for the user’s assigned role.
The group-list argument consists of a space-delimited list
of LDAP server group names. Servers that belong to this
group are contacted for AAA authorization. The local
method uses the local database for authorization.
Displays the AAA authorization configuration. The all
keyword displays the default values.
(Optional) show aaa authorization [all]
Example:
Step 3
switch(config)# show aaa authorization
Copies the running configuration to the startup
configuration.
(Optional) copy running-config startup-config
Example:
Step 4
switch(config)# copy running-config startup-config
Related Topics
Enabling or Disabling LDAP, on page 110
Monitoring LDAP Servers
You can monitor the statistics that the Cisco NX-OS device maintains for LDAP server activity.
Before you begin
Configure LDAP servers on the Cisco NX-OS device.
SUMMARY STEPS
1. show ldap-server statistics {hostname | ipv4-address | ipv6-address}
DETAILED STEPS
PurposeCommand or Action
Displays the LDAP server statistics.
show ldap-server statistics {hostname | ipv4-address |
ipv6-address}
Step 1
Example:
switch# show ldap-server statistics 10.10.1.1
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
122
Configuring LDAP
Monitoring LDAP Servers
To Next Page
Loading...
