Configuring Security Features on an External AAA Server
Disabling AAA Authentication
You can turn off password verification using the none option. If you configure this option, users can log in
without giving a valid password. But the user should at least exist locally on the Cisco MDS 9000 Family
switch.
Caution
Use this option cautiously. If configured, any user can access the switch at any time.
Refer to theCisco MDS 9000 Family NX-OS Security Configuration Guide to configure this option.
Use the none option in the aaa authentication login command to disable password verification.
A user created by entering the username command will exist locally on the Cisco MDS 9000 Family switch.
Displaying AAA Authentication
The show aaa authentication command displays the configured authentication methods as shown in the
following example.
Displays Authentication Information
switch# show aaa authentication
Configuring Accounting Services
Accounting refers to the log information that is kept for each management session in a switch. This information
may be used to generate reports for troubleshooting and auditing purposes. Accounting can be implemented
locally or remotely (using RADIUS). The default maximum size of the accounting log is 250,000 bytes and
cannot be changed.
Tip
The Cisco MDS 9000 Family switch uses interim-update RADIUS accounting-request packets to communicate
accounting log information to the RADIUS server. The RADIUS server must be appropriately configured to
log the information communicated in these packets. Several servers typically have log update/watchdog
packets flags in the AAA client configuration. Turn on this flag to ensure proper RADIUS accounting.
Note
Configuration operations are automatically recorded in the accounting log if they are performed in configuration
mode. Additionally, important system events (for example, configuration save and system switchover) are
also recorded in the accounting log.
No AAA Authentication
default: group TacServer local none
console: local none
iscsi: local
dhchap: local
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Disabling AAA Authentication
91