Solved: Cisco ACI Tacacs+ Integration - Direct Node Access

sachin.gawli · ‎07-03-2016

I had successfully integrated Cisco ACI 1.3 with Cisco ACS server. I am able to login to Cisco ACI GUI using AAA username & password.

But when I am directly doing SSH to any leaf node then I am not able to login using AAA username password. I am able to login using local username password only.

I think I need to use some specific format for username when login to any node directly which will specify authentication realm.

Any body came across this kind of situation ?

cowser1979 · ‎07-13-2016

I had this issue, and TAC helped me out. 2 things...

1. you have to authenticate with the following format

login as: apic#(AAA domain name)\\(AAA username)

apic# is NOT a variable, you have to type apic# ---> this caused some confusion on my part

2. you have to enable your AAA server to pass the same AvPair value for all devices, not just the APIC.

we run 1.3(2f)

View solution in original post

cowser1979 · ‎07-13-2016