
Radius Operation; Radius Server Monitoring - Cisco Nexus 5000 Series Configuration Manual

NX-OS Security Configuration Guide

• Networks that support authentication profiles. Using the RADIUS server in your network, you can configure AAA authentication and set up per-user profiles. Per-user profiles enable the Nexus 5000 Series switch to better manage ports using their existing RADIUS solutions and to efficiently manage shared resources to offer different service-level agreements.

RADIUS Operation

When a user attempts to log in and authenticate to a Cisco Nexus 5000 Series switch using RADIUS, the following process occurs:
1 The user is prompted for and enters a username and password.
2 The username and encrypted password are sent over the network to the RADIUS server.
3 The user receives one of the following responses from the RADIUS server:
  • ACCEPT—The user is authenticated.
  • REJECT—The user is not authenticated and is prompted to reenter the username and password, or access is denied.
  • CHALLENGE—A challenge is issued by the RADIUS server. The challenge collects additional data from the user.
  • CHANGE PASSWORD—A request is issued by the RADIUS server, asking the user to select a new password.

The ACCEPT or REJECT response is bundled with additional data that is used for EXEC or network authorization. You must first complete RADIUS authentication before using RADIUS authorization. The additional data included with the ACCEPT or REJECT packets consists of the following:
• Services that the user can access, including Telnet, rlogin, or local-area transport (LAT) connections, and Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), or EXEC services.
• Connection parameters, including the host or client IPv4 or IPv6 address, access list, and user timeouts.

RADIUS Server Monitoring

An unresponsive RADIUS server can cause delay in processing of AAA requests. You can configure the Cisco Nexus 5000 Series switch to periodically monitor a RADIUS server to check whether it is responding (or alive) to save time in processing AAA requests. The Cisco Nexus 5000 Series switch marks unresponsive RADIUS servers as dead and does not send AAA requests to any dead RADIUS servers. The switch periodically monitors the dead RADIUS servers and brings them to the alive state once they respond. This monitoring process verifies that a RADIUS server is in a working state before real AAA requests are sent its way. Whenever
Cisco Nexus 5000 Series NX-OS Security Configuration Guide
Configuring RADIUS
OL-20919-01
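
An added example, not part of the Cisco guide: steps 2 and 3 of the RADIUS operation described on this page, at the packet level as defined in RFC 2865. It shows how the "encrypted" password is hidden with MD5 and the shared secret, and that a response code is trusted only after its Response Authenticator verifies; the function names and sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
RESPONSES = {2: "ACCEPT", 3: "REJECT", 11: "CHALLENGE"}  # codes defined in RFC 2865
USER_NAME, USER_PASSWORD = 1, 2                           # attribute types


def _xor_blocks(data, secret, authenticator, hiding):
    """XOR each 16-byte block with MD5(secret + previous hidden block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, pad))
        out += result
        prev = result if hiding else block  # always chain on the hidden block
    return out


def hide_password(password, secret, authenticator):
    """Step 2: pad to a 16-byte multiple, then hide with the shared secret."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, authenticator, hiding=True)


def recover_password(hidden, secret, authenticator):
    """What the RADIUS server does, using the same shared secret."""
    return _xor_blocks(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


def build_access_request(ident, user, password, secret):
    authenticator = os.urandom(16)  # fresh Request Authenticator per request
    hidden = hide_password(password, secret, authenticator)
    attrs = b""
    for attr_type, value in ((USER_NAME, user), (USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def classify_response(response, request, secret):
    """Step 3: return the response name only if the packet authenticates."""
    if len(response) < 20 or response[1] != request[1]:
        return "INVALID"  # too short, or identifier does not match the request
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return "INVALID"
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        return "INVALID"  # forged, altered, or made with a different shared secret
    return RESPONSES.get(response[0], "UNKNOWN")
```

Because the hiding relies only on MD5 and the shared secret, the strength of that secret and the network path between the switch and the RADIUS server determine how well the password is protected.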
