• You can configure a maximum of 64 RADIUS servers on the Cisco NX-OS device.
• If you have a user account configured on the local Cisco NX-OS device that has the same name as a
remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local
user account to the remote user, not the user roles configured on the AAA server.
• Only the RADIUS protocol supports one-time passwords.
• For N9K-X9636C-R and N9K-X9636Q-R line cards and the N9K-C9508-FM-R fabric module, RADIUS
authentication fails for usernames with special characters.
• Cisco Nexus 9K Series switches support the CLI command aaa authentication login ascii-authentication
only for TACACS+, not for RADIUS. Ensure that aaa authentication login ascii-authentication is
disabled so that the default authentication, PAP, is enabled. Otherwise, you will see
syslog errors.
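The following is an added example, not part of the Cisco guide: a Python check that audits a saved running-config against three of the guidelines above (the 64-server limit, ascii-authentication with RADIUS, and local accounts that shadow remote users). The function name audit_radius_config, the remote_users argument, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
username admin password 5 $5$constructed role network-admin
username jsmith password 5 $5$constructed role network-operator
radius-server host 192.0.2.10 key 7 "constructed" authentication accounting
radius-server host 192.0.2.11 key 7 "constructed" authentication accounting
aaa group server radius RAD-GRP
    server 192.0.2.10
aaa authentication login default group RAD-GRP
aaa authentication login ascii-authentication
"""

MAX_RADIUS_SERVERS = 64  # limit stated in the guidelines above


def audit_radius_config(config, remote_users=()):
    """Return a list of findings for the RADIUS guidelines listed above.

    remote_users is a hypothetical list of account names exported from the
    AAA server; it is used only to detect name collisions with local users.
    """
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []

    # Guideline: at most 64 RADIUS servers per device.
    hosts = {m.group(1) for ln in lines
             if (m := re.match(r"radius-server host (\S+)", ln))}
    if len(hosts) > MAX_RADIUS_SERVERS:
        findings.append(f"{len(hosts)} RADIUS servers exceed the limit of "
                        f"{MAX_RADIUS_SERVERS}")

    # Guideline: ascii-authentication is supported only for TACACS+; with
    # RADIUS it must be disabled so the default (PAP) is used.
    if hosts and "aaa authentication login ascii-authentication" in lines:
        findings.append("ascii-authentication enabled with RADIUS configured: "
                        "disable it so PAP is used")

    # Guideline: a local account with the same name as a remote account
    # gives the remote user the local account's roles.
    local = {m.group(1) for ln in lines
             if (m := re.match(r"username (\S+) ", ln))}
    for name in sorted(local & set(remote_users)):
        findings.append(f"local account '{name}' shadows the remote user: "
                        "local roles apply")
    return findings
```
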
Default Settings for RADIUS
This table lists the default settings for RADIUS parameters.
Table 7: Default RADIUS Parameter Settings
Parameters                              Default
Server roles                            Authentication and accounting
Dead timer interval                     0 minutes
Retransmission count                    1
Retransmission timer interval           5 seconds
Authentication port                     1812
Accounting port                         1813
Idle timer interval                     0 minutes
Periodic server monitoring username     test
Periodic server monitoring password     test
Configuring RADIUS Servers
This section describes how to configure RADIUS servers on a Cisco NX-OS device.
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might
differ from the Cisco IOS commands that you would use.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring RADIUS