Using local authentication is not best practice. It presents a number of very legitimate security concerns and lacks any separation of duties. We can overcome this by using a centralized authentication system, to connect to an authentication system, such as Microsoft Active Directory.
The ACI fabric supports CHAP, MS-CHAP, and PAP as authorization protocols. In this recipe, we will use PAP to authenticate with a Windows 2008 server, running the RADIUS protocol. In order to achieve this, we will need to use the Management EPG, to provide authentication across the entire fabric.
- Navigate to
Admin
|AAA
|RADIUS Management
. SelectRADIUS Providers
.
- From the
Actions
menu, selectCreate RADIUS Provider
. - Enter the IP address of the RADIUS server, choose the authorization protocol, and enter the key, along with the Management EPG.