Using local authentication is not best practice. It presents a number of very legitimate security concerns and lacks any separation of duties. We can overcome this by using a centralized authentication system, to connect to an authentication system, such as Microsoft Active Directory.
The ACI fabric supports CHAP, MS-CHAP, and PAP as authorization protocols. In this recipe, we will use PAP to authenticate with a Windows 2008 server, running the RADIUS protocol. In order to achieve this, we will need to use the Management EPG, to provide authentication across the entire fabric.