Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x

CHAPTER 27

RADIUS and TACACS+

Fabric Manager provides the capability to authenticate users with RADIUS or TACACS+.
This chapter includes the following sections:
- Authentication, Authorization, and Accounting
- Configuring RADIUS
- Configuring TACACS+
- Configuring Server Groups

Authentication, Authorization, and Accounting

The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants
access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use
the Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control
System Plus (TACACS+) protocols to provide solutions using remote AAA servers.

Based on the user ID and password combination provided, switches perform local authentication or
authorization using the local database, or remote authentication or authorization using AAA servers. A
preshared secret key provides security for communication between the switch and AAA servers. This
secret key can be configured for all AAA servers or for only a specific AAA server. This security
mechanism provides a central management capability for AAA servers.
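
What the preshared key does on the wire for RADIUS (TACACS+ uses a different scheme), as an added example that is not from the Cisco guide: it follows RFC 2865 to hide the User-Password attribute and to check the Response Authenticator. The key values, the 192.0.2.x addresses, the function names, and the rule that a server-specific key takes precedence over the global key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample settings (assumptions, not values from the guide).
GLOBAL_KEY = b"global-demo-secret"
SERVER_KEYS = {"192.0.2.10": b"per-server-demo-secret"}

def key_for(server: str) -> bytes:
    """Shared secret for a server; assumes a server-specific key wins."""
    return SERVER_KEYS.get(server, GLOBAL_KEY)

def _xor_chain(data: bytes, secret: bytes, req_auth: bytes, decrypt: bool) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res  # always chain on the ciphertext block
    return out

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: null-pad to 16-byte blocks, XOR with MD5(secret + prev)."""
    if not 1 <= len(password) <= 128 or len(req_auth) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_chain(padded, secret, req_auth, decrypt=False)

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: only the same secret recovers the password."""
    return _xor_chain(hidden, secret, req_auth, decrypt=True).rstrip(b"\x00")

def response_auth(code: int, ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

def reply_is_authentic(reply_auth: bytes, code: int, ident: int, attrs: bytes,
                       req_auth: bytes, secret: bytes) -> bool:
    """Client side: reject replies not computed with the shared secret."""
    expected = response_auth(code, ident, attrs, req_auth, secret)
    return hmac.compare_digest(reply_auth, expected)

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed; real clients use 16 random bytes
    key = key_for("192.0.2.10")
    hidden = hide_password(b"constructed-password-123", key, ra)
    print(hidden.hex(), reveal_password(hidden, key, ra))
```

A key mismatch between switch and server shows up in both directions: the server recovers a garbage password, and the switch discards replies whose authenticator does not verify.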

CLI Security Options

You can access the CLI using the console (serial connection), Telnet, or Secure Shell (SSH). For each
management path (console or Telnet and SSH), you can configure one or more of the following security
control options: local, remote (RADIUS or TACACS+), or none.
- Remote security control
  - Using Remote Authentication Dial-In User Service (RADIUS). See the “Configuring RADIUS” section.
  - Using Terminal Access Controller Access Control System Plus (TACACS+). See the “Configuring
    TACACS+” section.
- Local security control. See the “Local AAA Services” section.