Cisco Systems SN 5428-2 Saw User Manual


 
Cisco SN 5428-2 Storage Router Software Configuration Guide
OL-5239-01
Chapter 9 Configuring Authentication
Creating Named Server Groups
By default, you can use all configured RADIUS or TACACS+ servers for authentication. All configured
RADIUS servers belong to the default group named radius. All configured TACACS+ servers belong to
the default group named tacacs+.
You can also create named groups of RADIUS or TACACS+ servers, to be used for specific
authentication purposes. For example, you can use a subset of all configured RADIUS servers for iSCSI
authentication of IP hosts requesting access to storage via a specific SCSI routing instance.
In the example configuration shown in Figure 9-2, the group of RADIUS servers named janus and the
default group of all TACACS+ servers will be used for iSCSI authentication of IP hosts accessing storage
via the SCSI routing instance named zeus. In the example configurations shown in Figure 9-5 and
Figure 9-7, the group of TACACS+ servers named sysadmin will be used for Enable and Login
authentication.
RADIUS Server Groups
Use the commands in the following procedure to create a named group of RADIUS servers.

Step 1
Command: enable
Description: Enter Administrator mode.

Step 2
Command: aaa group server radius janus
Description: Create a group of RADIUS servers. For example, create a group
named janus.
All authentication server groups must have unique names; you
cannot have a group of RADIUS servers named janus and a group
of TACACS+ servers named janus.

Step 3
Command: aaa group server radius janus server 10.5.0.61
Description: Add a RADIUS server to the named group. For example, add the
RADIUS server at IP address 10.5.0.61 to the group named janus.
Because no port is specified, authentication requests to this server
use the default UDP port 1645. Servers are accessed in the order
in which they are defined within the named group.

Step 4
Command: aaa group server radius janus server 10.6.0.53
Description: Add another RADIUS server to the named group. For example,
add the RADIUS server at IP address 10.6.0.53 to the group named
janus.

TACACS+ Server Groups
Use the commands in the following procedure to create a named group of TACACS+ servers.

Step 1
Command: enable
Description: Enter Administrator mode.

Step 2
Command: aaa group server tacacs+ sysadmin
Description: Create a group of TACACS+ servers. For example, create a group
named sysadmin.
All authentication server groups must have unique names; you
cannot have a group of TACACS+ servers named sysadmin and a
group of RADIUS servers named sysadmin.
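
The following Python sketch is an added example, not part of the Cisco guide or the router software. It checks a planned list of the commands shown in the procedures above against the rules this page states: group names unique across RADIUS and TACACS+, servers kept in definition order, and UDP port 1645 assumed for RADIUS servers with no port given. The function name, the sample list and the create-before-add check are assumptions made for illustration.

```python
import re

RADIUS_DEFAULT_PORT = 1645  # default UDP port stated in the guide

# Matches only the two command forms shown in the procedures above.
CMD = re.compile(r"^aaa group server (radius|tacacs\+) (\S+)"
                 r"(?: server (\d{1,3}(?:\.\d{1,3}){3}))?$")

def audit_groups(lines):
    """Return (groups, problems) for a list of CLI command lines.

    groups maps name -> {"proto": str, "servers": [(ip, port), ...]};
    servers stay in definition order, the order in which they are accessed.
    """
    groups, problems = {}, []
    for n, raw in enumerate(lines, 1):
        line = " ".join(raw.split())
        if line in ("", "enable"):
            continue
        m = CMD.match(line)
        if not m:
            problems.append(f"line {n}: unrecognized command")
            continue
        proto, name, ip = m.groups()
        group = groups.get(name)
        if group and group["proto"] != proto:
            # Group names must be unique across RADIUS and TACACS+.
            problems.append(f"line {n}: name '{name}' already used by a {group['proto']} group")
        elif ip is None:
            groups.setdefault(name, {"proto": proto, "servers": []})
        elif group is None:
            # Assumption: follow the procedure's order (create, then add).
            problems.append(f"line {n}: server added to undefined group '{name}'")
        else:
            # The page gives no TACACS+ port, so none is recorded for it.
            port = RADIUS_DEFAULT_PORT if proto == "radius" else None
            group["servers"].append((ip, port))
    return groups, problems

# Constructed input: the guide's commands plus one deliberate name collision.
SAMPLE = [
    "enable",
    "aaa group server radius janus",
    "aaa group server radius janus server 10.5.0.61",
    "aaa group server radius janus server 10.6.0.53",
    "aaa group server tacacs+ sysadmin",
    "aaa group server tacacs+ janus",
]
```

Running `audit_groups(SAMPLE)` before applying a change flags the reused name on the last line, which the naming rule above forbids.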