Enabling Login Authentication Failure Messages
Enabling Login Authentication Failure Messages
When you log in, the login is processed by the local user database if the remote AAA servers do not respond.
If you have enabled the displaying of login failure messages, the following message is displayed :
Remote AAA servers unreachable; local authentication done.
Remote AAA servers unreachable; local authentication failed.
To enable login authentication failure messages, perform this task:
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# aaa authentication login error-enable
3. switch(config)# exit
4. (Optional) switch# show aaa authentication
5. (Optional) switch# copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
switch# configure terminal
Step 2
switch(config)# aaa authentication login
error-enable
Step 3
switch(config)# exit
Step 4
switch# show aaa authentication
Step 5
switch# copy running-config startup-config
Enabling MSCHAP Authentication
Microsoft Challenge Handshake Authentication Protocol (MSCHAP) is the Microsoft version of CHAP. You
can use MSCHAP for user logins to a Cisco Nexus 5000 Series switch through a remote authentication server
(RADIUS or TACACS+).
By default, the Cisco Nexus 5000 Series switch uses Password Authentication Protocol (PAP) authentication
between the switch and the remote server. If you enable MSCHAP, you need to configure your RADIUS
server to recognize the MSCHAP vendor-specific attributes (VSAs).
The following table describes the RADIUS VSAs required for MSCHAP.
OL-20919-01
Purpose
Enters configuration mode.
Enables login authentication failure messages. The default
is disabled.
Exits configuration mode.
(Optional)
Displays the login failure message configuration.
(Optional)
Copies the running configuration to the startup
configuration.
Cisco Nexus 5000 Series NX-OS Security Configuration Guide
Configuring AAA
15