A Commands
This chapter describes the Cisco Nexus 1000V commands that begin with A.
aaa authentication login console
To configure AAA authentication methods for console logins, use the
aaa authentication login console
command. To revert to the default, use the
no
form of this command.
aaa authentication login console {group
group-list
} [none] | local
| none
}
no
aaa authentication login console {group
group-list
[none] | local
| none
}
Syntax Description
group
|
Specifies to use a server group for authentication.
|
group-list
|
Specifies a space-separated list of server groups. The list can include the following:
-
radius
for all configured RADIUS servers.
-
tacacs+
for all configured TACACS+ servers.
-
Any configured RADIUS or TACACS+ server group name.
|
none
|
Specifies to use the username for authentication.
|
local
|
Specifies to use the local database for authentication.
|
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
The
group radius, group tacacs+
, and
group
group-list
methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the
radius-server host
or
tacacs-server host
command to configure the host servers. Use the
aaa group server
command to create a named group of servers.
Use the
show aaa group
command to display the RADIUS server groups on the device.
If you specify more that one server group, the software checks each group in the order that you specify in the list.
If you specify the
group
method or
local
method and they fail, then the authentication can fail. If you specify the
none
method alone or after the
group
method, then the authentication always succeeds.
Examples
This example shows how to configure the AAA authentication console login methods:
n1000v(config)# aaa authentication login console group radius
This example shows how to revert to the default AAA authentication console login method:
n1000v(config)# no aaa authentication login console group radius
Related Commands
|
|
aaa group server
|
Configures AAA server groups.
|
radius-server host
|
Configures RADIUS servers.
|
show aaa authentication
|
Displays AAA authentication information.
|
show aaa group
|
Displays the AAA server groups.
|
tacacs-server host
|
Configures TACACS+ servers.
|
aaa authentication login default
To configure the default AAA authentication methods, use the
aaa authentication login default
command. To revert to the default, use the
no
form of this command.
aaa authentication login default
{
group
group-list
}
[
none
]
|
local
|
none
}
no
aaa authentication login default
{
group
group-list
[
none
] |
local
|
none
}
Syntax Description
group
|
Specifies a server group list to be used for authentication.
|
group-list
|
Space-separated list of server groups that can include the following:
-
radius
for all configured RADIUS servers.
-
tacacs+
for all configured TACACS+ servers.
-
Any configured RADIUS or TACACS+ server group name.
|
none
|
(Optional) Specifies to use the username for authentication.
|
local
|
Specifies to use the local database for authentication.
|
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
The
group radius, group tacacs+
, and
group
group-list
methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the
radius-server host
or
tacacs-server host
command to configure the host servers. Use the
aaa group server
command to create a named group of servers.
Use the
show aaa group
command to display the RADIUS server groups on the device.
If you specify more that one server group, the software checks each group in the order that you specify in the list.
If you specify the
group
method or
local
method and they fail, then the authentication fails. If you specify the
none
method alone or after the
group
method, then the authentication always succeeds.
Examples
This example shows how to configure the AAA authentication console login method:
n1000v(config)# aaa authentication login default group radius
This example shows how to revert to the default AAA authentication console login method:
n1000v(config)# no aaa authentication login default group radius
Related Commands
|
|
aaa group server
|
Configures AAA server groups.
|
radius-server host
|
Configures RADIUS servers.
|
show aaa authentication
|
Displays AAA authentication information.
|
show aaa group
|
Displays the AAA server groups.
|
tacacs-server host
|
Configures TACACS+ servers.
|
aaa authentication login error-enable
To configure an AAA authentication failure message to display on the console, use the
aaa authentication login error-enable
command. To remove the error message, use the
no
form of this command.
aaa authentication login error-enable
no
aaa authentication login error-enable
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
If none of the remote AAA servers respond when a user logs in, the authentication is processed by the local user database. If you have enabled the display, one of the following message is generated for the user:
Remote AAA servers unreachable; local authentication done. Remote AAA servers unreachable; local authentication failed.
Examples
This example shows how to enable the display of AAA authentication failure messages to the console:
n1000v(config)# aaa authentication login error-enable
This example shows how to disable the display of AAA authentication failure messages to the console:
n1000v(config)# no aaa authentication login error-enable
Related Commands
|
|
show aaa authentication login error-enable
|
Displays the status of the AAA authentication failure message display.
|
aaa authentication login mschap
To enable Microsoft Challenge Handshake Authentication Protocol (MSCHAP) authentication at login, use the
aaa authentication login mschap
command. To disable MSCHAP, use the
no
form of this command.
aaa authentication login mschap
no
aaa authentication login mschap
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to enable MSCHAP authentication:
n1000v(config)# aaa authentication login mschap
This example shows how to disable MSCHAP authentication:
n1000v(config)# no aaa authentication login mschap
Related Commands
|
|
show aaa authentication login mschap
|
Displays the status of MSCHAP authentication.
|
aaa group server radius
To create a RADIUS server group, use the
aaa group server radius
command. To delete a RADIUS server group, use the
no
form of this command.
aaa group server
radius
group-name
no
aaa group server
radius
group-name
Syntax Description
group-name
|
RADIUS server group name.The name is alphanumeric and case-sensitive. The maximum length is 64 characters.
|
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to create a RADIUS server group and enter RADIUS Server Configuration mode for configuring the specified server group:
n1000v(config)# aaa group server radius RadServer
This example shows how to delete a RADIUS server group:
n1000v(config)# no aaa group server radius RadServer
Related Commands
|
|
show aaa groups
|
Displays server group information.
|
radius-server host
|
Defines the IP address or hostname for a RADIUS server.
|
aaa group server tacacs+
To create a TACACS+ server group, use the
aaa group server tacacs+
command. To delete a TACACS+ server group, use the
no
form of this command.
aaa group server
tacacs+
group-name
no
aaa group server tacacs+
group-name
Syntax Description
group-name
|
TACACS+ server group name. The name is alphanumeric and case-sensitive. The maximum length is 64 characters.
|
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You must enable TACACS+ using the
tacacs+ enable
command before you can configure TACACS+.
Examples
This example shows how to create a TACACS+ server group:
n1000v(config)# aaa group server tacacs+ TacServer
This example shows how to delete a TACACS+ server group:
n1000v(config)# no aaa group server tacacs+ TacServer
Related Commands
|
|
tacacs+ enable
|
Enables TACACS+.
|
show aaa groups
|
Displays server group information.
|
assign port-profile-role
To assign a port profile role to a specific port profile, use the
assign port-profile-role
command. To remove the role from the profile, use the
no
form of this command.
assign
port-profile-role
port-profile-role-name
no
assign
port-profile-role
port-profile-role-name
Syntax Description
port-profile-role-name
|
Name of the port profile role.
|
Command Modes
port-profile configuration (config-port-profile)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Examples
This example shows how to assign a port profile role to a specific port profile:
n1000v(config)# port-profile allaccess2 n1000v(config-port-prof)# assign port-profile-role adminUser
This example shows how to remove a role from a port profile configuration:
n1000v(config)# port-profile allaccess2 n1000v(config-port-prof)# no assign port-profile-role adminUser
Related Commands
|
|
port-profile
|
Creates a port profile.
|
show port-profile-role
|
Displays the port profile role configuration, including role names, descriptions, assigned users, and assigned groups.
|
show port-profile-role users
|
Displays available users and groups.
|
show port-profile
|
Displays the port profile configuration, including roles assigned to them.
|
port-profile-role
|
Creates a port profile role.
|
user
|
Assigns a user to a port profile role.
|
group
|
Assigns a group to a port profile role.
|
feature port-profile-role
|
Enables support for the restriction of port profile roles.
|
port-profile
|
Creates a port profile.
|
attach module
To access the standby Virtual Supervisor Module (VSM) console from the active VSM, use the
attach module
command.
attach module
module-number
Syntax Description
module-number
|
Number that identifies an existing module. The range is 1–66.
Note Only one value, 2, is operational. |
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to attach to the console of the secondary VSM:
n1000v(
config)
# attach module 2
Usage Guidelines
Although the allowable range of module numbers is from 1–66, only one value, 2, is operational.
Related Commands
|
|
show cores
|
Displays a list of cores.
|
show processes log
|
Displays a list of process logs.
|
show system redundancy status
|
Checks redundancy status.
|
show system internal sysmgr state
|
Checks the system internal sysmgr state.
|
reload module
|
Reloads a module.
|