
Cisco ACI Tacacs+ Integration - Direct Node Access

sachin.gawli
Level 1

I had successfully integrated Cisco ACI 1.3 with Cisco ACS server. I am able to log in to the Cisco ACI GUI using the AAA username and password.

But when I SSH directly to any leaf node, I am not able to log in using the AAA username and password. I am able to log in using the local username and password only.

I think I need to use some specific format for the username when logging in to a node directly, which will specify the authentication realm.

Has anybody come across this kind of situation?

Accepted Solutions

cowser1979
Level 1

I had this issue, and TAC helped me out. Two things...

1. You have to authenticate with the following format:

login as: apic#(AAA domain name)\\(AAA username)

apic# is NOT a variable; you have to type apic# (this caused some confusion on my part).

2. You have to enable your AAA server to pass the same AvPair value for all devices, not just the APIC.

We run 1.3(2f).


2 Replies

For the record, the domain is the domain configured in APIC, like the example in the screenshot.

 

Screenshot - 22_05_2018 , 03_21_32 p_m.png
