https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705030#M282313 <HTML><HEAD></HEAD><BODY><P>Thanks Neal. this is great screen capture.</P></BODY></HTML> Mon, 06 Aug 2012 15:46:33 GMT Marlon Malinao 2012-08-06T15:46:33Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705023#M281927 <P>Hey Community, I am having a really strange issue with Cisco ACS 5.2 and NX-OS Nexus Devices. </P><P></P><P>I create an account on ACS, let's call it User1, and give it privilege 15. With User1, I'm able to access on all of our IOS, IOS-XE, ASA, and PIX devices with privilege 15. </P><P></P><P>When I use that same User1 account into our NEXUS devices, I do NOT get privilege 15 access. As you probably know, NEXUS devices have roles: pre-defined or custom-made roles. So I assumed I would get the role of 'network-admin' (priv 15 read/write) with User1 when logging in, but instead I get the role of 'vdc-operator' (priv 1 read-only). </P><P></P><P>So then I tried to tweak User1 and give it network-admin under Shell profile &gt;&gt; Custom Attributes. I logged into the NEXUS and sure enough I was able to get network-admin access. However, my access to ALL the other devices (IOS, ASA, PIX, etc) doesn't work AT ALL! I'm not even able to log in with my username and password to these devices.</P><P></P><P>Has anyone ever run into this problem? Please Help! <SPAN __jive_emoticon_name="silly" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/silly.gif"></SPAN></P><P></P><P>Thanks,</P><P></P><P>neocec</P> Mon, 11 Mar 2019 01:11:16 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705023#M281927 Giovanni Ceci 2019-03-11T01:11:16Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705024#M281995 <HTML><HEAD></HEAD><BODY><P>This is a common issue when mixing authorization policies with RBAC and IOS devices, the av-pair that you created needs to be set to "optional" instead of "mandatory", please make this change and you will be able to get access to all your devices.</P><P></P><P>Thanks,</P><P>Tarik</P></BODY></HTML> Wed, 29 Jun 2011 07:39:35 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705024#M281995 Tarik Admani 2011-06-29T07:39:35Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705025#M282041 <HTML><HEAD></HEAD><BODY><P>Hey Tarik,</P><P></P><P>You are a genius! This solution totally worked! I can't thank you enough. Can't believe it was that simple! 5 Stars!!</P><P></P><P>Do you know if there's any Cisco documentation out there that states this?</P><P></P><P>Thanks,</P><P></P><P>Neocec</P></BODY></HTML> Wed, 06 Jul 2011 19:51:06 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705025#M282041 Giovanni Ceci 2011-07-06T19:51:06Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705026#M282116 <HTML><HEAD></HEAD><BODY><P>Neocec,</P><P></P><P>Yes here is the documentation that provides insight to the this (they make reference to the = and the *.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter6.html#con_1473433">http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter6.html#con_1473433</A></P><P></P><P>Thanks,</P><P>Tarik</P></BODY></HTML> Fri, 15 Jul 2011 06:14:39 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705026#M282116 Tarik Admani 2011-07-15T06:14:39Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705027#M282160 <HTML><HEAD></HEAD><BODY><P>Tarik,</P><P></P><P>Have you seen any issues with Tacacs and Nexus switches where you get an error stating "</P><P>Remote AAA servers unreachable;" but when you look at the ACS logs I see successful authentication for that user.&nbsp; I'm stumped!</P><P></P><P>Thanks,</P><P></P><P>Robert</P></BODY></HTML> Thu, 08 Mar 2012 19:17:39 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705027#M282160 rpettus75 2012-03-08T19:17:39Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705028#M282236 <HTML><HEAD></HEAD><BODY><P> Hi, <A _jive_internal="true" href="https://community.cisco.com/people/neocec1981" id="jive-5444975117627361227654" onmouseout="" onmouseover="">Giovanni Ceci</A></P><P></P><P>Can you show me how did you create your shell profile, and Authorization Policy to be used both by IOS and NX-OS?</P><P></P><P></P><P>thanks,</P><P>Marlon</P></BODY></HTML> Mon, 04 Jun 2012 06:16:27 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705028#M282236 Marlon Malinao 2012-06-04T06:16:27Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705029#M282271 <HTML><HEAD></HEAD><BODY><P>Here is how to create the shell profile so your users will have network-admin privlidges.<BR />I am using ACS v5.3 and nexus 5ks running code 5.1.3</P><P>I h<IMG src="http://supportforums.cisco.com/sites/default/files/legacy/2/3/9/93932-ACSrole.jpg" class="jive-image" /></P></BODY></HTML> Fri, 29 Jun 2012 21:04:12 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705029#M282271 Neal Gravatt 2012-06-29T21:04:12Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705030#M282313 <HTML><HEAD></HEAD><BODY><P>Thanks Neal. this is great screen capture.</P></BODY></HTML> Mon, 06 Aug 2012 15:46:33 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705030#M282313 Marlon Malinao 2012-08-06T15:46:33Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705031#M282350 <HTML><HEAD></HEAD><BODY><P>Hi Guys.</P><P>What should be the optimal ACS version to support both IOS and NX-OS?</P><P>I may also include ASR 5Ks.</P><P></P><P>Thanks</P></BODY></HTML> Tue, 11 Sep 2012 02:22:25 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705031#M282350 ar 2012-09-11T02:22:25Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705032#M282378 <HTML><HEAD></HEAD><BODY><P>Allan,</P><P></P><P>ACS 5.3 will be your best option, all version support all of the IOS, NX-OS, and IOS-XR, and even CRS. Its a matter of sending the proper task-group av/pairs back in the authorization profile.</P><P></P><P>Thanks,</P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Tue, 11 Sep 2012 03:09:06 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705032#M282378 Tarik Admani 2012-09-11T03:09:06Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705033#M282397 <P>I have the same problem too, i hope your statement works for me... I´ll update tomorrow about the results..</P> Sun, 05 Jul 2015 21:36:57 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-2-with-nx-os-devices-nexus-user-issues/m-p/1705033#M282397 miguelfilipe2001 2015-07-05T21:36:57Z