https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727668#M409110 <HTML><HEAD></HEAD><BODY><P>Ed,</P><P>Nice to know that. Please mark it resolved so other can benifit from it.</P></BODY></HTML> Thu, 23 Aug 2007 16:01:46 GMT Jagdeep Gambhir 2007-08-23T16:01:46Z https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727665#M409107 <P>I am trying to find the correct location in ACS 3.3 to add the following: roles="network-admin". We have our SAN switches using Tacacs+. When a user other than admin logins, you get the role as "network-operator". This doc Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x explains the role if you are using IOS/PIX Radius. Thank you.</P> Sun, 10 Mar 2019 22:21:15 GMT https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727665#M409107 edward.gillston 2019-03-10T22:21:15Z https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727666#M409108 <HTML><HEAD></HEAD><BODY><P>Hi Ed,</P><P>Here is the link,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/san-os/configuration/guide/cradtac.html" target="_blank">http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/san-os/configuration/guide/cradtac.html</A></P><P></P><P></P><P>If you search for:</P><P></P><P>TACACS+ custom attributes can be defined on an Access Control Server (ACS) for various</P><P>services (for example, shell). Cisco MDS 9000 Family switches require the TACACS+ custom</P><P>attribute for the service shell to be used for defining roles.</P><P></P><P>Cisco ACS TACACS+ </P><P></P><P> shell:roles="network-admin"</P><P> shell:roles*"network-admin"</P><P> cisco-av-pair*shell:roles="network-admin"</P><P> cisco-av-pair*shell:roles*"network-admin"</P><P> cisco-av-pair=shell:roles*"network-admin"</P><P></P><P>On the ACS, if you go to: Interface configuration, TACACS+ (Cisco IOS), place a check nex to: " Display a window for each service selected in which you can enter customized TACACS+ attributes".</P><P></P><P>Then go into Group Setup and define the role information according to the above attributes.</P><P></P><P>Hope that helps</P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Thu, 23 Aug 2007 14:57:58 GMT https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727666#M409108 Jagdeep Gambhir 2007-08-23T14:57:58Z https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727667#M409109 <HTML><HEAD></HEAD><BODY><P>That was the solution. Thank you</P></BODY></HTML> Thu, 23 Aug 2007 15:59:19 GMT https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727667#M409109 edward.gillston 2007-08-23T15:59:19Z https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727668#M409110 <HTML><HEAD></HEAD><BODY><P>Ed,</P><P>Nice to know that. Please mark it resolved so other can benifit from it.</P></BODY></HTML> Thu, 23 Aug 2007 16:01:46 GMT https://community.cisco.com/t5/network-access-control/adding-a-user-role-for-san-switches/m-p/727668#M409110 Jagdeep Gambhir 2007-08-23T16:01:46Z