The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus1000V commands that begin with the letter A.
To configure the accounting, authorization, and authentication (AAA) authentication methods for console logins, use the aaa authentication login console command. To revert to the default, use the no form of this command.
aaa authentication login console {group group-list} [none] | local | none}
no aaa authentication login console {group group-list [none] | local | none}
local
Global configuration (config)
network-admin
The group radius, group tacacs+, and group group-list methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius-server host or tacacs-server host command to configure the host servers. Use the aaa group server command to create a named group of servers.
Use the show aaa group command to display the RADIUS server groups on the device.
If you specify more that one server group, the software checks each group in the order that you specify in the list.
If you specify the group method or local method and they fail, then the authentication can fail. If you specify the none method alone or after the group method, the authentication always succeeds.
This example shows how to configure an AAA authentication console login methods:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# aaa authentication login console group radius
This example shows how to revert to the default AAA authentication console login method:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no aaa authentication login console group radius
To configure the default accounting, authorization, and authentication (AAA) authentication methods, use the aaa authentication login default command. To revert to the default, use the no form of this command.
aaa authentication login default {group group-list [none] | local | none}
no aaa authentication login default {group group-list [none] | local | none}
local
Global configuration (config)
network-admin
The group radius, group tacacs+, and group group-list methods refer to a set of previously defined Remote Authentication Dial-In User Service (RADIUS) server or TACACS+ servers. Use the radius-server host or tacacs-server host command to configure the host servers. Use the aaa group server command to create a named group of servers.
Use the show aaa group command to display the RADIUS server groups on the device.
If you specify more that one server group, the software checks each group in the order that you specify in the list.
If you specify the group method or local method and they fail, then the authentication fails. If you specify the none method alone or after the group method, then the authentication always succeeds.
This example shows how to configure the AAA authentication console login method:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# aaa authentication login default group radius
This example shows how to revert to the default AAA authentication console login method:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no aaa authentication login default group radius
To configure a accounting, authorization, and authentication (AAA) authentication failure message to display on the console, use the aaa authentication login error-enable command. To remove the error message, use the no form of this command.
aaa authentication login error-enable
no aaa authentication login error-enable
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
If none of the remote AAA servers respond when a user logs in, the authentication is processed by the local user database. If you have enabled the display, one of the following message is generated for the user:
Remote AAA servers unreachable; local authentication done.
Remote AAA servers unreachable; local authentication failed.
This example shows how to enable the display of AAA authentication failure messages to the console:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# aaa authentication login error-enable
This example shows how to disable the display of AAA authentication failure messages to the console:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no aaa authentication login error-enable
|
|
---|---|
show aaa authentication login error-enable |
Displays the status of the AAA authentication failure message display. |
To enable the Microsoft Challenge Handshake Authentication Protocol (MSCHAP) authentication at login, use the aaa authentication login mschap command. To disable MSCHAP, use the no form of this command.
aaa authentication login mschap
no aaa authentication login mschap
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
This example shows how to enable MSCHAP authentication:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# aaa authentication login mschap
This example shows how to disable MSCHAP authentication:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no aaa authentication login mschap
|
|
---|---|
show aaa authentication login mschap |
Displays the status of MSCHAP authentication. |
To create a Remote Authentication Dial-In User Service (RADIUS) server group, use the aaa group server radius command. To delete a RADIUS server group, use the no form of this command.
aaa group server radius group-name
no aaa group server radius group-name
None
Global configuration (config)
network-admin
This example shows how to create a RADIUS server group and enter RADIUS server configuration mode for configuring the specified server group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# aaa group server radius RadServer
n1000v(config-radius)#
This example shows how to delete a RADIUS server group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no aaa group server radius RadServer
|
|
---|---|
radius-server host |
Defines the IP address or hostname for a RADIUS server. |
show aaa groups |
Displays server group information. |
To create a Terminal Access Controller Access Control System Plus (TACACS+) server group, use the aaa group server tacacs+ command. To delete a TACACS+ server group, use the no form of this command.
aaa group server tacacs+ group-name
no aaa group server tacacs+ group-name
group-name |
TACACS+ server group name. The name is alphanumeric, case-sensitive, and has a maximum length of 64 characters. |
None
Global configuration (config)
network-admin
You must enable TACACS+ using the tacacs+ enable command before you can configure TACACS+.
This example shows how to create a TACACS+ server group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# aaa group server tacacs+ TacServer
n1000v(config-radius)#
This example shows how to delete a TACACS+ server group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no aaa group server tacacs+ TacServer
|
|
---|---|
show aaa groups |
Displays server group information. |
tacacs+ enable |
Enables TACACS+. |
To access the standby Virtual Supervisor Module (VSM) console from the active VSM, use the attach module command.
attach module module-number
module-number |
Module number. The range is from 1 to 66. Note The module number should match that of the standby VSM. |
None
Global configuration (config)
network-admin
Although the allowable range of module numbers is from 1-66, the module number should match that of the standby VSM.
This example shows how to attach to the console of the secondary VSM:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# attach module 2
Attaching to module 2 ...
To exit type 'exit', to abort type '$.'
Last login: Mon May 13 12:36:02 UTC 2013 from sup1 on pts/0
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2013, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php
n1000v(standby)#
|
|
---|---|
reload module |
Reloads a module. |
show cores |
Displays a list of cores. |
show processes log |
Displays a list of process logs. |
show system redundancy status |
Displays redundancy status. |