Home‎ > ‎cisco‎ > ‎Nexus‎ > ‎

Nexus Radius Config

Note that the following configs are not in their correct order, but I mixed them up to better discuss them. 

radius-server host key 7 "x99gL3e1ow" authentication accounting
radius-server host key 7 "x99gL3e1ow" authentication accounting
radius-server directed-request

aaa authentication login console local
aaa authentication login default group ACS

aaa group server radius ACS
    use-vrf management

Reviewing the configs:
  • First two lines (radius-server host) define what the IP of the radius server is, the preshared key (in quotes), the encryption of the key (7= encrypted, 0= plaintext), and that accounting should be enabled.
  • The third line (radius-server directed-request) states that log in requests should be sent to the radius server.  
  • The forth line (aaa authentication login console) specifies that console logins should be authenticated with the local accounts, and not against the radius server
  • The fifth line (aaa authentication login default) specifies that default log in's should be authenticated as per the instructions in the group "ACS".  See next line for the description of that group.  
  • The sixth line (aaa group server radius) defines the radius longin group "ACS".  It lists the two servers to use, and it also states to use the vrf named "management" for all aaa comms.