AAA Server Distribution – Cisco Storage Security
Configuration for RADIUS and TACACS+ AAA on a Cisco MDS switch can be distributed using the Cisco Fabric Services (CFS). The distribution is disabled by default. After the distribution is enabled, the first server or global configuration starts an implicit session. All server configuration commands entered thereafter are stored in a temporary database and applied to all switches in the fabric (including the originating one) when you explicitly commit the database. The various server and global parameters are distributed, except the server and global keys. These keys are unique secrets to a switch and should not be shared with other switches. Only switches where distribution is enabled can participate in the distribution activity. A distribution session starts the moment you begin a RADIUS/TACACS+ server or global configuration. Radius configuration distribution can be configured using the radius distribute command, and TACACS+ server distribution can be configured using the tacacs+ distribute command.…