Mar 15

Cisco MDS 9000 Series AAA Configuration

Here is a sample AAA configuration for the Cisco MDS 9000 Series. It has two parts: configuring the ACS server and configuring the switch itself. I detail the switch configuration first and then the ACS configuration.

Switch Configuration

We need some basic information about the setup beforehand, such as the IP address of the ACS server and the shared key configured on ACS.

ACS Server    Shared Key    Function
10.10.10.1    cisco         Tacacs Authentication / Radius Accounting
10.10.10.2    cisco         Tacacs Authentication / Radius Accounting

Define the timeout for a server before the switch moves on to the next one, and the deadtime after which a server is retried

tacacs-server timeout 3
tacacs-server deadtime 5

Define the TACACS+ server hosts
tacacs-server host 10.10.10.1 key cisco
tacacs-server host 10.10.10.2 key cisco

Define the group that uses the hosts above
aaa group server tacacs+ TestTacacs
server 10.10.10.1
server 10.10.10.2

In the same way, define the RADIUS hosts and group used for accounting
radius-server host 10.10.10.1 key cisco accounting
radius-server host 10.10.10.2 key cisco accounting
aaa group server radius radius
aaa group server radius TestRadius
server 10.10.10.1
server 10.10.10.2

Define the authentication and accounting methods
aaa authentication login default group TestTacacs local
aaa accounting default group TestRadius
aaa authentication login error-enable

Tip: Be careful when using a shared secret key on Cisco MDS 9000 Series switches running SAN-OS 3.1:

http://www.xerunetworks.com/2012/03/cisco-mds-9000-key-mismatch-error-for-san-os-version-3-1-aaa-config/
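
An offline consistency check for the switch configuration above, as an added example that is not part of the original post and not Cisco tooling. It verifies that every group named in a method list exists and has members, that every group member is a defined host for that protocol, and that no shared key is on a denylist; the function name, finding labels and denylist are assumptions made for this example.

```python
WEAK_KEYS = {"cisco", "password", "secret", "tacacs", "radius"}  # assumed denylist
# Constructed sample: the switch configuration from this post.
SAMPLE = """\
tacacs-server timeout 3
tacacs-server deadtime 5
tacacs-server host 10.10.10.1 key cisco
tacacs-server host 10.10.10.2 key cisco
aaa group server tacacs+ TestTacacs
server 10.10.10.1
server 10.10.10.2
radius-server host 10.10.10.1 key cisco accounting
radius-server host 10.10.10.2 key cisco accounting
aaa group server radius radius
aaa group server radius TestRadius
server 10.10.10.1
server 10.10.10.2
aaa authentication login default group TestTacacs local
aaa accounting default group TestRadius
aaa authentication login error-enable
"""

def audit_aaa(config):
    """Return sorted findings for a SAN-OS style AAA configuration."""
    hosts = {"tacacs+": {}, "radius": {}}  # protocol -> {server ip: shared key}
    groups, used, members = {}, [], None   # group name -> (protocol, [ips])
    for tok in (line.split() for line in config.splitlines() if line.strip()):
        if tok[0] in ("tacacs-server", "radius-server") and len(tok) > 2 and tok[1] == "host":
            proto = "tacacs+" if tok[0] == "tacacs-server" else "radius"
            rest = tok[tok.index("key") + 1:] if "key" in tok else []
            rest = rest[1:] if rest[:1] in (["0"], ["7"]) else rest  # skip key-type digit
            hosts[proto][tok[2]] = rest[0] if rest else None
        elif tok[:3] == ["aaa", "group", "server"] and len(tok) == 5:
            members = groups.setdefault(tok[4], (tok[3], []))[1]
        elif tok[0] == "server" and members is not None and len(tok) == 2:
            members.append(tok[1])
        elif tok[0] == "aaa" and "group" in tok:  # a method list naming groups
            methods = tok[tok.index("group") + 1:]
            used += [m for m in methods if m not in ("local", "none")]
    findings = [f"weak-key {proto} {ip}" for proto, table in hosts.items()
                for ip, key in table.items() if key and key.lower() in WEAK_KEYS]
    for name in used:
        proto, servers = groups.get(name, (None, []))
        if not servers:
            findings.append(f"empty-or-undefined-group {name}")
        findings += [f"undefined-host {name} {ip}" for ip in servers
                     if ip not in hosts.get(proto, {})]
    return sorted(findings)
```

Calling audit_aaa(SAMPLE) reports the sample key "cisco" on all four host lines and nothing else, since the groups and method lists in the post are consistent with each other.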
