9-12
Cisco SN5428-2 Storage Router Software Configuration Guide
OL-5239-01
Chapter9 Configuring Authentication
Configuring Authentication Services
Configuring Authentication Services
Configuring authentication services consists of setting the appropriate parameters for the various AAA
service options that can be used by the storage router. The storage router can use any or all of the
supported services:
RADIUS
TACAC S+
Local username database
Enable
Monitor
Use the procedures that follow to configure the storage router to use each of these services.
Note See the iSCSI driver readme file for details on configuring CHAP user names and passwords for iSCSI
authentication.
RADIUS Servers
Use the commands in the following procedure to configure RADIUS authentication services.
Command Description
Step1 enable Enter Administrator mode.
Step2 radius-server host 10.6.0.53 Specify the RADIUS server to be used for authentication. For
example, specify the RADIUS server at 10.6.0.53 for use by the
storage router.
Because no port is specified, the authentication requests use the
default UDP port 1645. Global timeout and retransmit values are
also used.
See the Cisco SN 5400 Series Storage Router Command Reference
for more information about the radius-server host command.
Step3 radius-server host 10.6.0.73
radius-server host 10.5.0.61
Specify additional RADIUS servers. For example, specify the
RADIUS servers at 10.6.0.73 and 10.5.0.61 as the second and third
RADIUS server to be used for authentication.
RADIUS servers are accessed in the order in which they are
defined (or for a specified server group, in the order they are
defined in the group).
Step4 radius-server key rad123SN Configure the global authentication and encryption key to be used
for all RADIUS communications between the SN 5428-2 and the
RADIUS daemon. For example, set the key to rad123SN.
This key must match the key used on the RADIUS daemon.