Connecting to a RADIUS server
Using local authentication is not best practice. It presents a number of very legitimate security concerns and lacks any separation of duties. We can overcome this by using a centralized authentication system, to connect to an authentication system, such as Microsoft Active Directory.
The ACI fabric supports CHAP, MS-CHAP, and PAP as authorization protocols. In this recipe, we will use PAP to authenticate with a Windows 2008 server, running the RADIUS protocol. In order to achieve this, we will need to use the Management EPG, to provide authentication across the entire fabric.
How to do it...
- Navigate to
Admin |ÂAAA |RADIUS Management. SelectRADIUS Providers.
- From the
Actionsmenu, selectCreate RADIUS Provider. - Enter the IP address of the RADIUS server, choose the authorization protocol, and enter the key, along with the Management EPG.
Note
If you use a management EPG other than the default one (Out-of-Band), make sure that it has access to the RADIUS, LDAP, or...
