Support User Manuals

Cisco Systems SN 5428-2 Saw User Manual

Open as PDF

of 22

9-15

Cisco SN 5428-2 Storage Router Software Configuration Guide

OL-5239-01

Chapter 9 Configuring Authentication

Creating Named Server Groups

Creating Named Server Groups

By default, you can use all configured RADIUS or TACACS+ servers for authentication. All configured

RADIUS servers belong to the default group named radius. All configured TACACS+ servers belong to

the default group named tacacs+.

You can also create named groups of RADIUS or TACACS+ servers, to be used for specific

authentication purposes. For example, you can use a subset of all configured RADIUS servers for iSCSI

authentication of IP hosts requesting access to storage via a specific SCSI routing instance.

In the example configuration shown in Figure 9-2, the group of RADIUS servers named janus and the

default group of all TACACS+ servers will be used for iSCSI authentication of IP hosts accessing storage

via the SCSI routing instance named zeus. In the example configurations shown in Figure 9-5 and

Figure 9-7, the group of TACACS+ servers named sysadmin will be used for Enable and Login

authentication.

Radius Server Groups

Use the commands in the following procedure to create a named group of RADIUS servers.

TACACS+ Server Groups

Use the commands in the following procedure to create a named group of TACACS+ servers.

Command Description

Step 1

enable Enter Administrator mode.

Step 2

aaa group server radius janus Create a group of RADIUS servers. For example create a group

named janus.

All authentication server groups must have unique names; you

cannot have a group of RADIUS servers named janus and a group

of TACACS+ servers named janus.

Step 3

aaa group server radius janus

server 10.5.0.61

Add a RADIUS server to the named group. For example, add the

RADIUS server at IP address 10.5.0.61 to the group named janus.

Because no port is specified, authentication requests to this server

use the default UDP port 1645. Servers are accessed in the order

in which they are defined within the named group.

Step 4

aaa group server radius janus

server 10.6.0.53

Add another RADIUS server to the named group. For example,

add the RADIUS server at IP address 10.6.0.53 to the group named

janus.

Command Description

Step 1

enable Enter Administrator mode.

Step 2

aaa group server tacacs+

sysadmin

Create a group of TACACS+ servers. For example create a group

named sysadmin.

All authentication server groups must have unique names; you

cannot have a group of TACACS+ servers named sysadmin and a

group of RADIUS servers named sysadmin.

previous next