Nexus 7000 Series Switch Problem with Remote User Authentication via SSH with a TACACS account
|
|
- Annabel Wilcox
- 5 years ago
- Views:
Transcription
1 Nexus 7000 Series Switch Problem with Remote User Authentication via SSH with a TACACS account Document ID: Contributed by Scott Laffer, Cisco TAC Engineer. Sep 11, 2013 Contents Introduction Prerequisites Requirements Components Used Problem Symptoms Conditions Troubleshoot Solution Confirmation Workarounds Resolved Versions Related Information Introduction This document provides the steps required in order to troubleshoot and confirm that a Cisco Nexus 7000 Series switch is affected by the known software defect Cisco bug ID CSCud Prerequisites Requirements There are no specific requirements for this document. Components Used The information in this document is based on these software and hardware versions: Cisco Nexus 7000 Series Switches Cisco Nexus Operating System (NX OS) Versions 5.2(5) to 5.2(7) Inclusive Cisco NX OS Versions 6.0(1) to 6.1(3) Inclusive The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
2 Problem Symptoms Users are unable to remotely log in to a Nexus 7000 Series switch Virtual Device Context (VDC) with TACACS authentication. Additionally, these messages are seen in the logs: n7k vdc 1# show log last 200 grep TACACS 2013 May 13 17:17:31 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers 2013 May 13 17:17:46 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers 2013 May 13 17:18:06 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers 2013 May 13 17:18:12 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers 2013 May 13 17:18:16 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers 2013 May 13 17:20:26 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers 2013 May 13 17:20:39 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers 2013 May 13 17:21:50 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers 2013 May 13 17:22:09 n7k vdc 1 TACACS 3 TACACS_ERROR_MESSAGE All servers n7k vdc 1# Conditions This problem is encountered on Nexus 7000 Series switches that run Cisco NX OS Versions between 5.2(5) and 5.2(7), as well as between to 6.1(3). The VDC must use TACACS authentication, like this example: n7k vdc 1# show run tacacs+!command: show running config tacacs+!time: Mon May 13 17:20: version 6.1(2) feature tacacs+ ip tacacs source interface mgmt0 tacacs server timeout 30 tacacs server host key 7 "keypassword" aaa group server tacacs+ default server use vrf management n7k vdc 1# show run aaa!command: show running config aaa!time: Mon May 13 17:21: version 6.1(2) aaa authentication login default group default aaa authorization config commands default group default
3 aaa authorization commands default group default aaa accounting default group default no aaa user default role aaa authentication login error enable tacacs server directed request Troubleshoot 1. Confirm the TACACS Server Status Confirm that the Nexus 7000 Series switch is successfully able to ping the TACACS server via the correct Virtual Routing and Forwarding (VRF). Confirm that the TACACS server still successfully authenticates users on other devices. 2. Check the Authentication, Authorization, and Accounting (AAA) Process Error Logs Use this command in order to check the AAA process error logs: n7k vdc 1# show system internal aaa event history errors 1) Event:E_DEBUG, length:54, at usecs after Mon May 13 17:22: [102] All Configured methods failed for default:default 2) Event:E_DEBUG, length:53, at usecs after Mon May 13 17:22: [102] protocol TACACS failed with server group default 3) Event:E_DEBUG, length:54, at usecs after Mon May 13 17:22: [102] All Configured methods failed for default:default 4) Event:E_DEBUG, length:53, at usecs after Mon May 13 17:22: [102] protocol TACACS failed with server group default 5) Event:E_DEBUG, length:54, at usecs after Mon May 13 17:21: [102] All Configured methods failed for default:default 6) Event:E_DEBUG, length:53, at usecs after Mon May 13 17:21: [102] protocol TACACS failed with server group default 3. Check the TACACS+ Process Error Logs Use this command in order to check the TACACS+ process error logs: n7k vdc 1# show system internal tacacs+ event history errors 1) Event:E_DEBUG, length:88, at usecs after Mon May 13 17:22: [100] switch_tac_server: Unreachable servers case.setting error code for aaa session 0 2) Event:E_DEBUG, length:77, at usecs after Mon May 13 17:22: [100] switch_tac_server: no more server in the server group for aaa session 0 3) Event:E_DEBUG, length:103, at usecs after Mon May 13 17:22: [100] connect_tac_server: non blocking connect failed, switching server for aaa session id(0) rtvalue(3) 4) Event:E_DEBUG, length:97, at usecs after Mon May 13 17:22: [100] non_blocking_connect(171): getaddrinfo(dns cache fail) with retcode: 1
4 for server: ) Event:E_DEBUG, length:62, at usecs after Mon May 13 17:22: [100] tplus_encrypt(655):key is configured for this aaa session. 6) Event:E_DEBUG, length:95, at usecs after Mon May 13 17:22: [100] tplus_make_acct_request(1343):not calling the name resolution routine as rem_addr is empty 7) Event:E_DEBUG, length:63, at usecs after Mon May 13 17:22: [100] tplus_make_acct_request(1308):accounting userdata:console0 8) Event:E_DEBUG, length:63, at usecs after Mon May 13 17:22: [100] init_tplus_req_state_machine:global source interface mgmt0 9) Event:E_DEBUG, length:48, at usecs after Mon May 13 17:22: [100] is_intf_up_with_valid_ip(1129):port is up. 10) Event:E_DEBUG, length:57, at usecs after Mon May 13 17:22: [100] is_intf_up_with_valid_ip(1126):proper IOD is found. 11) Event:E_DEBUG, length:52, at usecs after Mon May 13 17:22: [100] Exiting function: get_if_index_from_global_conf 12) Event:E_DEBUG, length:66, at usecs after Mon May 13 17:22: [100] Function get_if_index_from_global_conf: found interface mgmt0 13) Event:E_DEBUG, length:53, at usecs after Mon May 13 17:22: [100] Entering function: get_if_index_from_global_conf 14) Event:E_DEBUG, length:68, at usecs after Mon May 13 17:22: [100] init_tplus_req_state_machine:falling to globally configured one 15) Event:E_DEBUG, length:79, at usecs after Mon May 13 17:22: [100] init_tplus_req_state_machine:no source interface configured for this group 4. Debug TACACS+ Authentication Requests Turn on debugging for TACACS+ Authentication requests. AAA debugging outputs these logs: n7k vdc 1# debug tacacs+ aaa request n7k vdc 1# show logging logfile last May 13 18:20: tacacs: tplus_encrypt(655):key is configured for this aaa session May 13 18:20: tacacs: non_blocking_connect(171): getaddrinfo DNS cache fail) with retcode: 1 for server: May 13 18:20: tacacs: connect_tac_server: non blocking connect failed, switching server for aaa session id(0) rtvalue(3) 2013 May 13 18:20: tacacs: switch_tac_server: no more server in the server group for aaa session May 13 18:20: tacacs: switch_tac_server: Unreachable servers case.setting error code for aaa session 0 5. Perform a Packet Capture on the TACACS Server A packet capture on the TACACS server shows that no packets arrive from the VDC.
5 6. Perform a Ethanalyzer Capture on the Nexus 7000 Series Switch An Ethanalyzer capture shows that no packets egress towards the TACACS server. 7. Check the Running Processes on the VDC The show proc cpu sort command shows 33 instances (32 defunct) of the TACACSD process running. n7k vdc 1# show proc cpu sort include tacacs % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacs % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd % tacacsd Solution The VDC encounters the known software defect Cisco bug ID CSCud The TACACSD process spawns child processes that get stuck. This reaches a maximum of 32 processes, and it is unable to spawn any more in order to pass the authentication. Confirmation 1. Confirm that there are 33 instances of TACACSD. You can use the command show proc cpu sort grep c 'tacacsd' in order to count the instances. 2. Perform an ethanalyzer capture, and confirm that the request does not leave the Nexus 7000 Series
6 switch. 3. Match the previous log messages. Workarounds There are three possibilities. Remove all of the TACACS configuration, and remove and readd the feature and the configuration. Another option is to perform a supervisor switchover. Or you can reload the VDC. Resolved Versions NX OS Versions 5.2(9) and Later in the 5.2 Train NX OS Versions 6.1(3) and Later in the 6.1 Train Related Information Cisco Bug Toolkit Cisco bug ID CSCud02139 Technical Overview of Virtual Device Contexts Ethanalyzer: Cisco NX OS Software Built In Packet Capture Utility Technical Support & Documentation Cisco Systems Updated: Sep 11, 2013 Document ID:
Nexus 7000 and 7700 Series Switches Optimized ACL Logging Configuration Example
Nexus 7000 and 7700 Series Switches Optimized ACL Logging Configuration Example Document ID: 118907 Contributed by Richard Michael, Cisco TAC Engineer. Apr 15, 2015 Contents Introduction Prerequisites
More informationvpc Layer 3 Backup Routing with F1 and Peer Gateway
vpc Layer 3 Backup Routing with F1 and Peer Gateway Document ID: 116740 Contributed by Andy Gossett, Cisco TAC Engineer. Dec 16, 2013 Contents Introduction Prerequisites Requirements Components Used Configure
More informationConfiguring Authentication, Authorization, and Accounting
Configuring Authentication, Authorization, and Accounting This chapter contains the following sections: Information About AAA, page 1 Prerequisites for Remote AAA, page 5 Guidelines and Limitations for
More informationUpgrading or Downgrading the Cisco Nexus 3500 Series NX-OS Software
Upgrading or Downgrading the Cisco Nexus 3500 Series NX-OS Software This chapter describes how to upgrade or downgrade the Cisco NX-OS software. It contains the following sections: About the Software Image,
More informationConfiguring Layer 3 Virtualization
CHAPTER 14 This chapter describes how to configure Layer 3 virtualization. This chapter includes the following sections: Layer 3 Virtualization, page 14-1 Licensing Requirements for VRFs, page 14-5 Prerequisites
More informationSend document comments to
CHAPTER 8 This chapter describes how to configure Telnet and includes the following topics: Information About the Telnet Server, page 8-1 Prerequisites for Telnet, page 8-1 Guidelines and Limitations,
More informationCisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x
Cisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x First Published: August 01, 2014 Last Modified: November 13, 2015 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San
More informationConfiguring SSH and Telnet
6 CHAPTER This chapter describes how to configure Secure Shell Protocol (SSH) and Telnet on Cisco NX-OS devices. This chapter includes the following sections: Information About SSH and Telnet, page 6-1
More informationConfiguring DNS. Finding Feature Information. Information About DNS Clients. DNS Client Overview
This chapter contains the following sections: Finding Feature Information, on page 1 Information About DNS Clients, on page 1 Licensing Requirements for DNS Clients, on page 3 Prerequisites for DNS Clients,
More informationConfiguring TACACS+ Information About TACACS+ Send document comments to CHAPTER
4 CHAPTER This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on NX-OS devices. This chapter includes the following sections: Information
More informationConfiguring Session Manager
This chapter describes how to configure Session Manager on Cisco NX-OS devices. This chapter contains the following sections: About Session Manager, page 1 Licensing Requirements for Session Manager, page
More informationRADIUS Route Download
The feature allows users to configure their network access server (NAS) to direct RADIUS authorization. Finding Feature Information, page 1 Prerequisites for, page 1 Information About, page 1 How to Configure,
More informationConnecting to the Management Network and Securing Access
CHAPTER 3 Connecting to the Network and Securing Access This chapter provides Cisco NX-OS recommended best practices for connecting a Cisco Nexus 7000 Series switch to the management network(s) and securing
More informationConfiguring NTP. Information About NTP. Information About the NTP Server. This chapter contains the following sections:
This chapter contains the following sections: Information About NTP, page 1 Licensing Requirements, page 3 Prerequisites for NTP, page 3 Guidelines and Limitations for NTP, page 3 Default Settings for
More informationConfiguring NTP. Information About NTP. Information About the NTP Server. This chapter contains the following sections:
This chapter contains the following sections: Information About NTP Information About NTP, on page 1 Licensing Requirements, on page 3 Prerequisites for NTP, on page 3 Guidelines and Limitations for NTP,
More informationConfiguring Rate Limits
22 CHAPTER This chapter describes how to configure rate limits for egress traffic on NX-OS devices. This chapter includes the following topics: Information About Rate Limits, page 22-1 Virtualization Support,
More informationCisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Release Notes, Release 4.1(2)E1(1f)
Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Release Notes, Release 4.1(2)E1(1f) Date: November 8, 2010 Part Number: A0 This document describes the features, caveats, and limitations
More informationConfiguring ECMP for Host Routes
CHAPTER 9 This chapter describes how to configure the equal-cost multipathing (ECMP) protocol for host routes on the Cisco NX-OS switch. This chapter includes the following sections: Information About
More informationConfiguring TACACS+ About TACACS+
This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on Cisco NX-OS devices. This chapter includes the following sections: About TACACS+,
More informationRestrictions for Secure Copy Performance Improvement
The Protocol (SCP) feature provides a secure and authenticated method for copying router configuration or router image files. SCP relies on Secure Shell (SSH), an application and a protocol that provide
More informationHow to Configure SSH on Catalyst Switches Running CatOS
How to Configure SSH on Catalyst Switches Running CatOS Contents Introduction Prerequisites Requirements Components Used Conventions Network Diagram Switch Configuration Disabling SSH debug in the Catalyst
More informationConfiguring WCCPv2. Information About WCCPv2. Send document comments to CHAPTER
CHAPTER 5 This chapter describes how to configure the Web Cache Communication Protocol version 2 (WCCPv2) on Cisco NX-OS devices. This chapter includes the following sections: Information About WCCPv2,
More informationConfiguring NTP. Information About NTP. Information About the NTP Server. This chapter contains the following sections:
This chapter contains the following sections: Information About NTP Information About NTP, on page 1 Licensing Requirements, on page 2 Prerequisites for NTP, on page 3 Guidelines and Limitations for NTP,
More informationConfiguring TACACS+ Finding Feature Information. Prerequisites for TACACS+
Finding Feature Information, page 1 Prerequisites for TACACS+, page 1 Information About TACACS+, page 3 How to Configure TACACS+, page 7 Monitoring TACACS+, page 16 Finding Feature Information Your software
More informationPerforming Software Maintenance Upgrades
This chapter describes how to perform software maintenance upgrades (SMUs) on Cisco NX-OS devices. This chapter includes the following sections: About SMUs, page 1 Prerequisites for SMUs, page 3 Guidelines
More informationTroubleshooting Cisco Data Center Infrastructure (DCIT) 6.0
Troubleshooting Cisco Data Center Infrastructure (DCIT) 6.0 Duration: 5 days; Instructor-led WHAT YOU WILL LEARN Troubleshooting Cisco Data Center Infrastructure (DCIT) is a five days instructor-led course
More informationConfiguring LDAP. Finding Feature Information
This chapter describes how to configure the Lightweight Directory Access Protocol (LDAP) on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information
More informationWorking with Configuration Files
This chapter contains the following sections: Finding Feature Information, page 1 Information About Configuration Files, page 1 Licensing Requirements for Configuration Files, page 2 Managing Configuration
More informationThis chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.
This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. Finding Feature Information, page 1 NetFlow, page 2 Licensing Requirements for NetFlow, page 6 Prerequisites for NetFlow,
More informationConfiguring NTP. Information About NTP. This chapter contains the following sections:
This chapter contains the following sections: Information About NTP, page 1 NTP as Time Server, page 2 Distributing NTP Using CFS, page 2 Clock Manager, page 2 High Availability, page 2 Virtualization
More informationConfiguring NetFlow. Information About NetFlow. Send document comments to CHAPTER
CHAPTER 11 Use this chapter to configure NetFlow to characterize IP traffic based on its source, traffic destination, timing, and application information, giving visibility into traffic transiting the
More informationPrerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+)
Finding Feature Information, page 1 Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+), page 1 Information About TACACS+, page 3 How to Configure
More informationConfiguring User Accounts and RBAC
6 CHAPTER This chapter describes how to configure user accounts and role-based access control (RBAC) on NX-OS devices. This chapter includes the following sections: Information About User Accounts and
More informationConfigure IOS-XE to display full show running-config for users with low Privilege Levels
Configure IOS-XE to display full show running-config for users with low Privilege Levels Contents Introduction Prerequisites Requirements Components Used Configuration Problem Configuration Solution and
More informationConfiguring Local Authentication and Authorization
Configuring Local Authentication and Authorization Finding Feature Information, page 1 How to Configure Local Authentication and Authorization, page 1 Monitoring Local Authentication and Authorization,
More informationManaging GSS User Accounts Through a TACACS+ Server
CHAPTER 4 Managing GSS User Accounts Through a TACACS+ Server This chapter describes how to configure the GSS, primary GSSM, or standby GSSM as a client of a Terminal Access Controller Access Control System
More informationCisco Nexus 3500 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x
Cisco Nexus 3500 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x First Published: 2018-02-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
More informationThis chapter describes how to configure the Network Time Protocol (NTP) on Cisco NX-OS devices. This chapter includes the following sections:
This chapter describes how to configure the Network Time Protocol (NTP) on Cisco NX-OS devices. This chapter includes the following sections: About NTP, page 1 Licensing Requirements for NTP, page 3 Prerequisites
More informationDiscovering Network Devices
CHAPTER 5 To generate reports, Prime Performance Manager must discover your network devices. This is accomplished by importing the device inventory from Cisco Prime Network, running device discovery from
More informationConfiguring an FQDN ACL
This document describes how to configure an access control lists (ACL) using a fully qualified domain name (FQDN). The feature allows you to configure and apply an ACL to a wireless session based on the
More informationConfiguring sflow. About sflow. sflow Agent
About sflow This chapter describes how to configure sflow on Cisco NX-OS devices. This chapter includes the following sections: About sflow, on page 1 Licensing Requirements for sflow, on page 2 Prerequisites
More informationSecure Shell Configuration Guide, Cisco IOS Release 15M&T
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationThis chapter describes how to configure the Configure Replace feature.
This chapter describes how to configure the feature. Finding Feature Information, page 1 Information About, page 1 Configuring the, page 2 Workflow for operation, page 3 Verifying the Operation, page 4
More informationPerforming Software Maintenance Upgrades (SMUs)
Performing Software Maintenance Upgrades (SMUs) This chapter describes how to perform software maintenance upgrades (SMUs) on Cisco Nexus 3000 Series switches. This chapter includes the following sections:
More informationConfiguring User Accounts and RBAC
7 CHAPTER This chapter describes how to configure user accounts and role-based access control (RBAC) on NX-OS devices. This chapter includes the following sections: Information About User Accounts and
More informationConfiguring NTP. Information About NTP. This chapter contains the following sections:
This chapter contains the following sections: Information About NTP, page 1 NTP as Time Server, page 2 Distributing NTP Using CFS, page 2 Clock Manager, page 2 High Availability, page 2 Virtualization
More informationConfiguring sflow. Information About sflow. sflow Agent. This chapter contains the following sections:
This chapter contains the following sections: Information About sflow, page 1 Licensing Requirements, page 2 Prerequisites, page 2 Guidelines and Limitations for sflow, page 2 Default Settings for sflow,
More informationConfiguring NetFlow. NetFlow Overview
NetFlow identifies packet flows for ingress IP packets and provides statistics based on these packet flows. NetFlow does not require any change to either the packets themselves or to any networking device.
More informationConfiguring NetFlow. About NetFlow. This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.
This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. About NetFlow, page 1 Licensing Requirements for NetFlow, page 4 Prerequisites for NetFlow, page 4 Guidelines and Limitations
More informationTroubleshooting the Security Appliance
CHAPTER 43 This chapter describes how to troubleshoot the security appliance, and includes the following sections: Testing Your Configuration, page 43-1 Reloading the Security Appliance, page 43-6 Performing
More informationLab AAA Authorization and Accounting
Lab 11.3.2 AAA Authorization and Accounting Objective Scenario Step 1 In this lab, the student will use the exec-timeout command to control the amount of time before an idle telnet or console session is
More informationConfiguring NetFlow. NetFlow Overview
NetFlow Overview NetFlow identifies packet flows for ingress IP packets and provides statistics based on these packet flows. NetFlow does not require any change to either the packets themselves or to any
More informationACS Shell Command Authorization Sets on IOS and ASA/PIX/FWSM Configuration Example
ACS Shell Command Authorization Sets on IOS and ASA/PIX/FWSM Configuration Example Document ID: 99361 Contents Introduction Prerequisites Requirements Components Used Conventions Command Authorization
More informationConfigure a Cisco Router with TACACS+ Authentication
Configure a Cisco Router with TACACS+ Authentication Document ID: 13865 Contents Introduction Prerequisites Requirements Components Used Conventions Authentication Add Authorization Add Accounting Test
More informationSend document comments to
CHAPTER 3 This chapter describes how to identify and resolve installation problems, and includes the following topics: Isolating Problems, page 3-1 Improving Performance, page 3-4 Verifying the Domain
More informationTroubleshooting Tools and Methodology
This chapter contains the following sections: Command-Line Interface Troubleshooting Commands, page 1 Configuration Files, page 3 CLI Debug, page 3 Ping and Traceroute, page 4 Monitoring Processes and
More informationCisco Nexus 3000 Series NX-OS Security Configuration Guide, Release 6.x
Cisco Nexus 3000 Series NX-OS Security Configuration Guide, Release 6.x First Published: 2013-05-21 Last Modified: 2017-03-13 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA
More informationOverview of the Cisco NCS Command-Line Interface
CHAPTER 1 Overview of the Cisco NCS -Line Interface This chapter provides an overview of how to access the Cisco Prime Network Control System (NCS) command-line interface (CLI), the different command modes,
More informationConfiguring System Message Logging
This chapter contains the following sections: Information About System Message Logging, page 1 Licensing Requirements for System Message Logging, page 2 Guidelines and Limitations for System Message Logging,
More informationConfiguring Secure Shell
Configuring Secure Shell Last Updated: October 24, 2011 The Secure Shell (SSH) feature is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures
More informationConfiguring Security Features on an External AAA Server
CHAPTER 3 Configuring Security Features on an External AAA Server The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access to, and tracks the actions of users
More informationConfiguring RADIUS. Information About RADIUS. RADIUS Network Environments. Send document comments to
3 CHAPTER This chapter describes how to configure Remote Access Dial-In User Service (RADIUS) protocol on NX-OS devices. This chapter includes the following sections: Information About RADIUS, page 3-1
More informationUsing the Management Ethernet Interface
This chapter covers the following topics: Gigabit Ethernet Management Interface Overview, page 1 Gigabit Ethernet Port Numbering, page 1 IP Address Handling in ROMmon and the Management Ethernet Port,
More information"Charting the Course... Troubleshooting Cisco Data Center Infrastructure v6.0 (DCIT) Course Summary
Description Troubleshooting Cisco Data Center Infrastructure v6.0 (DCIT) Course Summary v6.0 is a five-day instructor-led course that is designed to help students prepare for the Cisco CCNP Data Center
More informationUsing the Management Ethernet Interface
The Cisco ASR 920 Series Router has one Gigabit Ethernet Management Ethernet interface on each Route Switch Processor. The purpose of this interface is to allow users to perform management tasks on the
More informationTroubleshooting. Testing Your Configuration CHAPTER
82 CHAPTER This chapter describes how to troubleshoot the ASA and includes the following sections: Testing Your Configuration, page 82-1 Reloading the ASA, page 82-8 Performing Password Recovery, page
More informationVDC Virtual Device Context. Prepared By Rajeev Srikant
VDC Virtual Device Context Prepared By Rajeev Srikant Agenda What is VDC? Why Use VDCs? Creating & Configuring VDCs 2 What is VDC? Virtual Device Contexts (VDCs): Cisco s VDC are basically Virtual Ethernet
More informationConfiguring User Accounts and RBAC
This chapter describes how to configure user accounts and role-based access control (RBAC) on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information
More informationConfiguring Cisco Prime NAM
Cisco SRE NAM has an internal Gigabit Ethernet interface and an external interface. You can use either interface for Prime NAM management traffic such as the NAM web GUI, telnet or ssh, but not both. You
More informationSecure External Phone Services Configuration Example
Secure External Phone Services Configuration Example Contents Introduction Prerequisites Requirements Components Used Configuration Steps Frequent Ask Questions (FAQ) Troubleshooting Introduction This
More informationCisco Nexus 7000 Series NX-OS Release Notes, Release 5.0
Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.0 Date: November 22, 2010 Part Number: Current Release: 5.0(5) Deferred Release 5.0(2) This document describes the features, caveats, and limitations
More informationCisco Prime Network Analysis Module (Cisco Prime NAM) for Nexus 1110 Installation and Configuration Guide
Cisco Prime Network Analysis Module (Cisco Prime NAM) for Nexus 1110 Installation and Configuration Guide Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-997 Title : Implementing Cisco Data Center Unified Fabric (DCUFI) Vendor : Cisco
More informationConfiguring Mutation Mapping
CHAPTER 5 This chapter describes how to configure the mutation of packet values used to define traffic classes on the Cisco NX-OS device. This chapter includes the following sections: Information About
More informationCisco Nexus 1000V Software Upgrade Guide, Release 4.0(4)SV1(3d)
Cisco Nexus 1000V Software Upgrade Guide, Release 4.0(4)SV1(3d) Revised: May 21, 2011 This document describes how to upgrade the Cisco Nexus 1000V software on a Virtual Supervisor Module (VSM) virtual
More informationConfiguring 802.1X. Finding Feature Information. Information About 802.1X
This chapter describes how to configure IEEE 802.1X port-based authentication on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, on page 1 Information About
More informationNexus 7000 Series Switch. Operational User Guidance (Common Criteria Specific)
- 1 - Nexus 7000 Series Switch Operational User Guidance (Common Criteria Specific) Version 0.7 November 2012 - 2 - DOCUMENT INTRODUCTION Prepared By: Cisco Systems, Inc. 170 West Tasman Dr. San Jose,
More informationConverting from Cisco NX-OS to ACI Boot Mode
This chapter describes how to convert a Cisco Nexus 9000 Series switch from Cisco NX-OS to Cisco Application Centric Infrastructure (ACI) boot mode. It contains the following sections: Converting to ACI
More informationUsing the Cisco NX-OS Setup Utility
This chapter contains the following sections: Configuring the Switch, page 1 Configuring the Switch Image Files on the Switch The Cisco Nexus devices have the following images: BIOS and loader images combined
More informationUsing the Management Interfaces
The following management interfaces are provided for external users and applications: Gigabit Ethernet Management Interface, page 1 SNMP, page 7 Gigabit Ethernet Management Interface Gigabit Ethernet Management
More informationInterchassis Asymmetric Routing Support for Zone-Based Firewall and NAT
Interchassis Asymmetric Routing Support for Zone-Based Firewall and NAT The Interchassis Asymmetric Routing Support for Zone-Based Firewall and NAT feature supports the forwarding of packets from a standby
More informationPT Activity: Configure AAA Authentication on Cisco Routers
PT Activity: Configure AAA Authentication on Cisco Routers Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask R1 Fa0/0 192.168.1.1 255.255.255.0 S0/0/0 10.1.1.2
More informationNexus 7000: Configuring OTV VLAN Mapping using VLAN Translation on a Trunk Port
Nexus 7000: Configuring OTV VLAN Mapping using VLAN Translation on a Trunk Port Contents Introduction Prerequisites Requirements Components Used Configure Network Diagram Configurations Verify Reference
More informationConfiguring Policy-Based Routing
CHAPTER 17 This chapter describes how to configure policy based routing. This chapter includes the following sections: Information About Policy Based Routing, page 17-1 Licensing Requirements for Policy-Based
More informationConfiguring Secure Shell on Routers and Switches Running Cisco IOS
Configuring Secure Shell on Routers and Switches Running Cisco IOS Document ID: 4145 Contents Introduction Prerequisites Requirements Components Used Conventions SSH v1 vs. SSH v2 Network Diagram Test
More informationUsing the Cisco NX-OS Setup Utility
This chapter contains the following sections: Configuring the Switch, page 1 Configuring the Switch Image Files on the Switch The Cisco Nexus devices have the following images: BIOS and loader images combined
More informationRADIUS Server Load Balancing
The feature distributes authentication, authorization, and accounting (AAA) authentication and accounting transactions across RADIUS servers in a server group These servers can share the AAA transaction
More informationConfiguring NTP. Information About NTP NTP. This chapter describes how to configure the Network Time Protocol (NTP) on Cisco MDS 9000 Series switches.
This chapter describes how to configure the Network Time Protocol (NTP) on Cisco MDS 9000 Series switches. Information About NTP Information About NTP, on page 1 Prerequisites for NTP, on page 2 Guidelines
More informationConfiguring System Message Logging
This chapter describes how to configure system message logging on Cisco NX-OS devices. This chapter contains the following sections: About System Message Logging, page 1 Licensing Requirements for System
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationPracticeTorrent. Latest study torrent with verified answers will facilitate your actual test
PracticeTorrent http://www.practicetorrent.com Latest study torrent with verified answers will facilitate your actual test Exam : 642-980 Title : Troubleshooting Cisco Data Center Unified Fabric (DCUFT)
More informationTACACS+ Configuration Guide, Cisco IOS XE Release 3S
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationConfiguring IPv4. Finding Feature Information. This chapter contains the following sections:
This chapter contains the following sections: Finding Feature Information, page 1 Information About IPv4, page 2 Virtualization Support for IPv4, page 6 Licensing Requirements for IPv4, page 6 Prerequisites
More informationAAA Dead-Server Detection
The feature allows you to configure the criteria to be used to mark a RADIUS server as dead. If no criteria are explicitly configured, the criteria are computed dynamically on the basis of the number of
More informationConfiguring a Terminal/Comm Server
Configuring a Terminal/Comm Server Document ID: 5466 Introduction Prerequisites Requirements Components Used Conventions Cabling Design Strategy Configure Network Diagram Configurations Command Summary
More informationSplit DNS. Finding Feature Information
The feature enables a Cisco device to respond to Domain Name System (DNS) queries using a specific configuration and associated host table cache that are selected based on certain characteristics of the
More informationConfiguring Basic AAA on an Access Server
Configuring Basic AAA on an Access Server Document ID: 10384 Contents Introduction Before You Begin Conventions Prerequisites Components Used Network Diagram General AAA Configuration Enabling AAA Specifying
More informationRemote Access VPN Does Not Work When RADIUS Authentication and Authorization is Configured
Remote Access VPN Does Not Work When RADIUS Authentication and Authorization is Configured Document ID: 117622 Contributed by Osvaldo Garcia and Atri Basu, Cisco TAC Engineers. Apr 11, 2014 Contents Introduction
More informationLab - Securing Administrative Access Using AAA and RADIUS
CCNA Security Lab - Securing Administrative Access Using AAA and RADIUS Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet Interfaces. 2015 Cisco and/or its affiliates.
More informationConfiguring Password Encryption
This chapter describes how to configure password encryption on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information About Password Encryption,
More information