https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252664#M112310 <HTML><HEAD></HEAD><BODY><P>Where we have to configure and apply these settings. Could you please help.<BR /><BR />Sent from Cisco Technical Support iPad App</P></BODY></HTML> Tue, 23 Jul 2013 13:53:36 GMT veer.pratap 2013-07-23T13:53:36Z https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252662#M112271 <P>Hi</P><P></P><P>i m looking for a solution to have multiple roles for the tacacs+ config on the ACS. (4.1) so that i can have cli read-write access on Nexus switches and also read-write (admin) on the UCS manager which is webbased. </P><P></P><P>is this possible? network-admin works on Nexus, but i m read-only if i log in to UCS manager. </P><P></P><P>Ive tried somethings in an ACS test group , but it doesn t work yet.&nbsp; </P><P>Does someone know if this is possible and what syntax is correct? </P><P></P><P>I ve tried different kinds of syntax like this, but no luck yet. Only the first entry works, in this case admin aaa</P><P></P><P><EM>cisco-av-pair*shell:roles="admin&nbsp; aaa" shell:roles="network-admin" </EM></P><P><EM> </EM></P><P>Like i said, not sure if this is even possible</P><P></P><P>Thanks in advance!&nbsp; </P> Mon, 11 Mar 2019 03:33:36 GMT https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252662#M112271 Ton V Engelen 2019-03-11T03:33:36Z https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252663#M112287 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>already found the solution: </P><P></P><P>this syntax does the trick</P><P></P><P>cisco-av-pair*shell:roles="network-admin&nbsp; admin aaa"</P><P></P><P><SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_macro_emoticon" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P></BODY></HTML> Wed, 19 Jun 2013 13:18:25 GMT https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252663#M112287 Ton V Engelen 2013-06-19T13:18:25Z https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252664#M112310 <HTML><HEAD></HEAD><BODY><P>Where we have to configure and apply these settings. Could you please help.<BR /><BR />Sent from Cisco Technical Support iPad App</P></BODY></HTML> Tue, 23 Jul 2013 13:53:36 GMT https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252664#M112310 veer.pratap 2013-07-23T13:53:36Z https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252665#M112329 <HTML><HEAD></HEAD><BODY><P>Hi Veer Pratap,</P><P></P><P>What ACS code are you using (ACS 4.x or ACS 5.x)?</P><P></P><P>Configuring ACS 5.x to authenticate Role Based Access Control (RBAC) users on a Nexus 5000 switch via TACACS</P><P><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-14273">https://supportforums.cisco.com/docs/DOC-14273</A></P><P></P><P>In case you're using ACS 4.x then you can configure this attribute per user or per group.</P><P></P><P>First, go to Interface Configuration -&gt; TACACS+ and enable "Display a window for each service selected in which you can enter customized TACACS+ attributes".</P><P></P><P>Next, go to the user or group where you want to grant this role and check the box next to "Shell (exec)" and in the custom attributes field below add the role assignment.</P><P></P><P>If you will be authenticating on both NX-OS and UCS devices, use * instead of = to make the role optional or the UCS devices will fail authorization.</P><P></P><P></P><P>~BR <BR />Jatin Katyal <BR /> <BR />**Do rate helpful posts**</P></BODY></HTML> Tue, 23 Jul 2013 14:08:48 GMT https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252665#M112329 Jatin Katyal 2013-07-23T14:08:48Z https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252666#M112387 <HTML><HEAD></HEAD><BODY><P>Thanks Jatin, i have acs 4.1 ,i will just check and let you know if it works..<BR /><BR />Sent from Cisco Technical Support iPad App</P></BODY></HTML> Tue, 23 Jul 2013 14:52:54 GMT https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252666#M112387 veer.pratap 2013-07-23T14:52:54Z https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252667#M112400 <HTML><HEAD></HEAD><BODY><P>Sure, let us know in case you need any further assistance.</P><P></P><P></P><P>~BR <BR />Jatin Katyal <BR /> <BR />**Do rate helpful posts**</P></BODY></HTML> Tue, 23 Jul 2013 14:57:15 GMT https://community.cisco.com/t5/network-access-control/tacacs-av-pair-multiple-roles/m-p/2252667#M112400 Jatin Katyal 2013-07-23T14:57:15Z