topic How to have different Roles on different VDC's? in Network Access Control https://community.cisco.com/t5/network-access-control/how-to-have-different-roles-on-different-vdc-s/m-p/2153161#M138278 <P>I have ACS 5.3 running TACACS+ and Nexus 7K with 2 x non-default VDC's, VDC-OTV and VDC-CR.</P><P></P><P>I want my TACACS account to have role "vdc-admin" on VDC-CR, and "vdc-operator" on VDC-OTV.</P><P></P><P>What is the best way to achieve this?</P><P></P><P>I tried putting the VDC's into different Network Device Groups, with VDC-CR being in an Authorization Rule that associated the Device Group with the "vdc-admin" Shell Profile. </P><P></P><P>But I'm getting the same roles on both VDC's--both get whatever the role in the Shell Profile.</P><P></P><P>It's possible I'm not organizing the Devices and Network Device Groups correctly. It seems to me when I add a new Device, it knows about all the Device Groups, and the IP range and exclude syntax seems to be a pain. I have existing Device Groups, one with a 10.10.*.* IP range, and I'm trying to isolate these two VDC's out of that IP range into their own individual Device Groups.</P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 03:10:04 GMT 000node000 2019-03-11T03:10:04Z How to have different Roles on different VDC's? https://community.cisco.com/t5/network-access-control/how-to-have-different-roles-on-different-vdc-s/m-p/2153161#M138278 <P>I have ACS 5.3 running TACACS+ and Nexus 7K with 2 x non-default VDC's, VDC-OTV and VDC-CR.</P><P></P><P>I want my TACACS account to have role "vdc-admin" on VDC-CR, and "vdc-operator" on VDC-OTV.</P><P></P><P>What is the best way to achieve this?</P><P></P><P>I tried putting the VDC's into different Network Device Groups, with VDC-CR being in an Authorization Rule that associated the Device Group with the "vdc-admin" Shell Profile. </P><P></P><P>But I'm getting the same roles on both VDC's--both get whatever the role in the Shell Profile.</P><P></P><P>It's possible I'm not organizing the Devices and Network Device Groups correctly. It seems to me when I add a new Device, it knows about all the Device Groups, and the IP range and exclude syntax seems to be a pain. I have existing Device Groups, one with a 10.10.*.* IP range, and I'm trying to isolate these two VDC's out of that IP range into their own individual Device Groups.</P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 03:10:04 GMT https://community.cisco.com/t5/network-access-control/how-to-have-different-roles-on-different-vdc-s/m-p/2153161#M138278 000node000 2019-03-11T03:10:04Z How to have different Roles on different VDC's? https://community.cisco.com/t5/network-access-control/how-to-have-different-roles-on-different-vdc-s/m-p/2153162#M138283 <HTML><HEAD></HEAD><BODY><P>Choi:</P><P></P><P>Post us some screenshots from your ACS configuration (policies, autho profiles...etc) so we give them a look.</P><P></P><P></P><P><SPAN style="color: blue;">Rating useful replies is more useful than saying <SPAN style="color: green;"> "<SPAN style="text-decoration: underline;">Thank you</SPAN>"</SPAN></SPAN></P></BODY></HTML> Sun, 17 Mar 2013 11:22:39 GMT https://community.cisco.com/t5/network-access-control/how-to-have-different-roles-on-different-vdc-s/m-p/2153162#M138283 Amjad Abdullah 2013-03-17T11:22:39Z