Chapter 9 Configuring Authentication

Creating Authentication Lists

 

| Step | Command | Description |
|---|---|---|
| Step 3 | aaa group server tacacs+ sysadmin server 10.7.0.22 | Add a TACACS+ server to the named group. For example, add the TACACS+ server at IP address 10.7.0.22 to the group named sysadmin. Because no port is specified, authentication requests to this server use the default port 49. Servers are accessed in the order in which they are defined within the named group. |
| Step 4 | aaa group server tacacs+ sysadmin server 10.7.0.41 | Add another TACACS+ server to the named group. For example, add the TACACS+ server at IP address 10.7.0.41 to the group named sysadmin. |

 

 

 

Creating Authentication Lists

iSCSI, Enable and Login authentication use lists of defined authentication services to administer security functions. The list that is created for Enable and Login authentication must be named default. iSCSI authentication supports a variety of authentication lists.

Use the procedures that follow according to the type of authentication required:

- iSCSI authentication
- Enable authentication
- Login authentication

iSCSI authentication

Use the commands in the following procedure to build a unique list of authentication services to be used for iSCSI authentication.

 

| Step | Command | Description |
|---|---|---|
| Step 1 | enable | Enter Administrator mode. |
| Step 2 | aaa authentication iscsi webservices2 local group janus group tacacs+ | Create a unique list of authentication services for iSCSI authentication. For example, create the list called webservices2 so that AAA first tries to perform authentication using the local username database. If AAA fails to find a user name match, an attempt is made to contact a RADIUS server in the server group named janus. If no RADIUS server in group janus is found, RADIUS returns an error and AAA tries to perform authentication using all configured TACACS+ servers. If no TACACS+ server is found, TACACS+ returns an error and authentication fails. If a RADIUS or TACACS+ server does not find a user name and password match, authentication fails and no other methods are attempted. |

 

 

 

Note: If local or local-case is the first service in the authentication list and a user name match is not found, the next service in the list will be tried. If local or local-case is not the first service, authentication fails if a user name match is not found. Authentication always fails if a RADIUS or TACACS+ server fails to find a user name match.
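The fall-through rules from Step 2 and the note above, modeled as an added Python example (not Cisco code and not part of the original guide). The service names, accounts and `Result` values are constructed for illustration, and treating a wrong password for a known local user as a hard failure is an assumption, since the guide only describes the no-match case.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = 1    # credentials matched
    REJECT = 2    # service answered, user name/password did not match
    NO_USER = 3   # local database has no such user name
    ERROR = 4     # no server in the group could be reached

def local_service(users):
    def check(user, password):
        if user not in users:
            return Result.NO_USER
        # Assumption: known local user with a wrong password is a hard failure.
        return Result.ACCEPT if users[user] == password else Result.REJECT
    return ("local", check)

def server_group(name, servers):
    """servers: list of (reachable, accounts), tried in the order defined."""
    def check(user, password):
        for reachable, accounts in servers:
            if reachable:  # first reachable server gives the final answer
                ok = accounts.get(user) == password
                return Result.ACCEPT if ok else Result.REJECT
        return Result.ERROR
    return (name, check)

def authenticate(method_list, user, password):
    """Return (granted, trace) for one pass over an authentication list."""
    trace = []
    for position, (name, check) in enumerate(method_list):
        result = check(user, password)
        trace.append((name, result))
        if result is Result.ACCEPT:
            return True, trace
        if result is Result.ERROR:
            continue  # group unreachable: try the next service
        if result is Result.NO_USER and position == 0:
            continue  # local/local-case first: no user name match falls through
        return False, trace  # reject, or local miss when not first: stop here
    return False, trace  # every service errored or fell through

# Constructed sample data modeling: local group janus group tacacs+
LOCAL = local_service({"labuser": "local-pw"})
JANUS_DOWN = server_group("group janus", [(False, {})])
JANUS_UP = server_group("group janus", [(True, {"alice": "radius-pw"})])
TACACS = server_group("group tacacs+", [(False, {}), (True, {"bob": "tacacs-pw"})])
```

With `JANUS_UP` in the list, user bob is rejected by the RADIUS group and the TACACS+ group is never consulted, so a later service in the list acts as a fallback for outages rather than as a second set of accounts.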

Cisco SN 5428-2 Storage Router Software Configuration Guide


OL-5239-01

 

 


SN 5428-2 specifications

Cisco Systems SN 5428-2 is a highly versatile and advanced network storage solution designed to meet the demands of data center environments. This robust storage appliance integrates cutting-edge technologies to provide high performance, reliability, and scalability, making it an ideal choice for organizations looking to enhance their data management capabilities.

One of the main features of the SN 5428-2 is its high-density architecture, which allows for efficient utilization of space while providing ample storage capacity. The system supports multiple drive configurations, including HDDs and SSDs, enabling users to tailor their storage solutions based on performance needs and budget constraints. With a significant amount of raw capacity available, organizations can effortlessly handle large volumes of data and support intensive workloads.

The SN 5428-2 boasts advanced data protection technologies, ensuring that critical information is safeguarded against loss or corruption. Features like RAID support provide redundancy and fault tolerance, while snapshot and cloning capabilities offer quick recovery options in case of data breaches or system failures. Additionally, built-in encryption features help protect sensitive data both at rest and in transit.

The appliance incorporates state-of-the-art networking capabilities as well. With support for various network protocols, including iSCSI and Fibre Channel, the SN 5428-2 can seamlessly integrate into existing infrastructures. This adaptability allows for easy connection with different servers and storage systems, facilitating a more cohesive and efficient operational environment.

Furthermore, the SN 5428-2 is designed with scalability in mind. Organizations can start with a basic configuration and expand as their storage needs grow by adding additional drives or connecting more appliances. This flexibility ensures that businesses can continue to meet their evolving data demands without the need for complete system overhauls.

Management and monitoring of the SN 5428-2 are simplified through a user-friendly interface that provides real-time insights into system performance, capacity utilization, and health status. Administrators can easily configure and manage storage resources, making operational tasks more efficient.

In summary, Cisco Systems SN 5428-2 stands out in the realm of storage solutions by combining high density, robust data protection, advanced networking capabilities, and remarkable scalability. Its thoughtful design and features make it an essential tool for organizations looking to enhance their data storage infrastructure and improve overall performance. With its reliable and efficient performance, the SN 5428-2 is well-suited for a wide array of data center applications.