Tips and Pitfalls: AAA

Common Commands

test aaa server tacacs+|radius username password

show user-account

Key Points / Pitfalls

  • CLI test authentication always uses PAP
  • ACS uses format cisco-av-pair=shell:roles=”rolename”
  • RADIUS uses format shell:roles=”rolename”
  • server secrets and groups are not transferred via CFS
  • accounting is enabled by default as well as authentication when defining a RADIUS server
This entry was posted in CCIE Storage and tagged , . Bookmark the permalink.

Leave a Reply