Send documentation comments to mdsfeedback-doc@cisco.com.
27-3
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 27 RADIUS and TACACS+
Authentication, Authorization, and Accounting
If you use a SAN Volume Controller (SVC) setup, two more roles exist in all Cisco MDS switches:
SVC administrator— Has permission to view the entire configuration and make SVC-specific
configuration changes within the switch(svc) prompt.
SVC operator—Has permission to view the entire configuration. The operator cannot make any
configuration changes.
Note Refer to the Cisco MDS 9000 Family SAN Volume Controller Configuration Guide for more
information on SVC.
These four default roles cannot be changed or deleted. You can create additional roles and configure the
following options:
Configure role-based authorization by assigning user roles locally or using remote AAA servers.
Configure user profiles on a remote AAA server to contain role information. This role information
is automatically downloaded and used when the user is authenticated through the remote AAA
server.
Note If a user only belongs to one of the newly-created roles and that role is subsequently deleted,
then the user immediately defaults to the network-operator role.

Accounting

The accounting feature tracks and maintains a log of every management session used to access the
switch. This information can be used to generate reports for troubleshooting and auditing purposes.
Accounting logs can be stored locally or sent to remote AAA servers.
Tip The Cisco MDS 9000 Family switch uses interim-update RADIUS accounting-request packets to
communicate accounting log information to the RADIUS server. The RADIUS server must be
appropriately configured to log the information communicated in these packets. Several servers typically
have log update/watchdog packet flags in the AAA client configuration. Turn on this flag to ensure
proper RADIUS accounting.
Note Configuration operations are automatically recorded in the accounting log if they are performed in
configuration mode. Additionally, important system events (for example, configuration save and system
switchover) are also recorded in the accounting log.