Cisco IOS / Nexus 7000 NX-OS Comparison - AAA-Related Commands -

| | Cisco IOS CLI | Cisco NX-OS CLI |
| --- | --- | --- |
| Enabling LDAP | Cisco IOS Software does not support LDAP for authentication and authorization services. | feature ldap |
| Configuring an LDAP Search Map | N/A | ldap search-map ldap-map<br>userprofile attribute-name description search-filter "sAMAccountNAme=$userid" base-DN dc=cisco,dc=com |
| Configuring an LDAP Server | N/A | ldap-server host 192.168.1.1 rootDN cn=N7K-device,cn=Users,dc=cisco,dc=com password 7 Qxz12345 |
| Configuring a RADIUS Server with a Key | radius-server host 192.168.1.1 key cisco123 | radius-server host 192.168.1.1 key 7 "fewhg123" |
| Specifying Nondefault RADIUS UDP Ports | radius-server host 192.16.1.1 auth-port 1645 acct-port 1646 | radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 |
| Specifying the RADIUS Timeout Value (Global) | radius-server host 192.168.1.1 timeout 10 | radius-server timeout 10 |
| Specifying the RADIUS Source Interface (Global) | ip radius source-interface loopback0 | ip radius source-interface loopback0 |
| Enabling TACACS+ | Cisco IOS Software does not have the ability to enable or disable TACACS+. | feature tacacs+ |
| Configuring a TACACS+ Server with a Key | tacacs-server host 192.168.1.1 key cisco123 | tacacs-server host 192.168.1.1 key 7 "fewhg123" |
| Specifying a Nondefault TACACS+ TCP Port | tacacs-server host 192.168.1.1 port 85 | tacacs-server host 192.168.1.1 port 85 |
| Specifying the TACACS+ Timeout Value (Global) | tacacs-server timeout 10 | tacacs-server timeout 10 |
| Specifying the TACACS+ Source Interface (Global) | ip tacacs source-interface loopback0 | ip tacacs source-interface loopback0 |
| Configuring an AAA Server Group (LDAP) | N/A | aaa group server ldap AAA-Servers<br>server 192.168.1.1<br>ldap-search-map ldap-map |
| Configuring an AAA Server Group (RADIUS) | aaa group server radius AAA-Servers<br>server 192.168.1.1 | aaa group server radius AAA-Servers<br>server 192.168.1.1 |
| Configuring an AAA Server Group for a VRF Instance (RADIUS) | aaa group server radius AAA-Servers<br>server 192.168.1.1<br>ip vrf forwarding management | aaa group server radius AAA-Servers<br>server 192.168.1.1<br>use-vrf management |
| Configuring the AAA Server Group Dead Time (RADIUS) | aaa group server radius AAA-Servers<br>deadtime 5 | aaa group server radius AAA-Servers<br>deadtime 5 |
| Configuring an AAA Server Group (TACACS+) | aaa group server tacacs+ AAA-Servers<br>server 192.168.1.1 | aaa group server tacacs+ AAA-Servers<br>server 192.168.1.1 |
| Enabling AAA Authentication with an AAA Server Group | aaa new-model<br>aaa authentication login default group AAA-Servers | aaa authentication login default group AAA-Servers |
| Enabling AAA Authorization with an AAA Server Group | aaa new-model<br>aaa authorization config-commands<br>aaa authorization commands 1 default group AAA-Servers | aaa authorization config-commands default group AAA-Servers<br>aaa authorization commands default group AAA-Servers |
| Enabling AAA Accounting with an AAA Server Group | aaa new-model<br>aaa accounting exec default start-stop group AAA-Servers | aaa accounting default group AAA-Servers |


| Cisco NX-OS AAA | Cisco IOS Software AAA | Command Description |
| --- | --- | --- |
| show aaa accounting | - | Displays the status of AAA accounting |
| show aaa authentication | - | Displays the default and console login methods |
| show aaa authentication login ascii-authentication | - | Displays the status of ASCII authentication (enabled or disabled) |
| show aaa authentication login chap | - | Displays the status of the Challenge Handshake Authentication Protocol (CHAP) (enabled or disabled) |
| show aaa authentication login error-enable | - | Displays the login error message status (enabled or disabled) |
| show aaa authentication login mschap | - | Displays the status of Microsoft CHAP (MS-CHAP) (enabled or disabled) |
| show aaa authentication login mschapv2 | - | Displays the status of MS-CHAPv2 (enabled or disabled) |
| show aaa authorization | - | Displays the AAA authorization configuration |
| show aaa groups | - | Displays the AAA groups that are configured |
| show aaa users | show aaa user | Displays the AAA users that authenticated remotely |
| show accounting log | - | Displays the local AAA configuration accounting log |
| show ldap-search-map | - | Displays the global LDAP search map configuration |
| show ldap-server | - | Displays the LDAP server configuration for all servers |
| show ldap-server groups | - | Displays LDAP server groups |
| show ldap-server statistics <x.x.x.x> | - | Displays LDAP statistics for a specific server |
| show radius-server | - | Displays the RADIUS server configuration for all servers |
| show radius-server <x.x.x.x> | - | Displays a specific RADIUS server configuration |
| show radius-server directed-request | - | Displays the status of the directed-request feature (enabled or disabled) |
| show radius-server groups | show radius server-group | Displays RADIUS server groups |
| show radius-server sorted | - | Displays RADIUS servers sorted by name |
| show radius-server statistics <x.x.x.x> | show radius statistics | Displays RADIUS statistics for a specific server |
| show tacacs-server | show tacacs | Displays the TACACS+ server configuration for all servers |
| show tacacs-server <x.x.x.x> | - | Displays a specific TACACS+ server configuration |
| show tacacs-server directed-request | - | Displays the status of the directed-request feature (enabled or disabled) |
| show tacacs-server groups | - | Displays TACACS+ server groups |
| show tacacs-server sorted | - | Displays TACACS+ servers sorted by name |
| show tacacs-server statistics <x.x.x.x> | - | Displays TACACS+ statistics for a specific server |
| show user-account | - | Displays a list of locally configured users |
| show users | show users | Displays the users who are logged in |