Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
5
Helpful
1
Replies

CSCvd65778 More clarity required

Mukund Sandur
Level 1
Level 1

‎07-06-2017 11:03 PM - edited ‎03-20-2019 09:25 PM

Hi,

CSCvd65778 bug is listed under NX-OS 7.1(4)N1(1) which states that Unable to create new SVI when role on box is network-operator.

Symptom:
We cannot create SVI using TACACS user. 

Conditions:
Using TACACS user is not able to modify or create SVI. Using a local user then we are able to create an SVI.

Network-operator anyways has only read access to device. So how does this bug exactly affecting.

Require more clarity on what does this bug imply..

Labels:
0 Helpful
1 Reply 1

deyadav
Cisco Employee
Cisco Employee

‎03-16-2018 02:30 AM

Pre 7.1(4)N1(1) a remote user as a network-operator with authorization from TACACS+ was able to create/delete SVI or port-channel interfaces. Since 7.1(4)N1(1) user roles are honored and hence they are unable to create/delete SVI/port-channel interfaces even with TACACS+ authorizing it.
Documentation:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/security/7x/b_5500_Security_Config_7x/b_5500_Security_Config_7x_chapter_0101.html
Secton: Configuring Command Authorization on TACACS+ Servers
From Cisco NX-OS Release 7.1(4)N1(1), a user with the network-operator role with authorization to create interfaces will not be able to create interfaces. Only a user with the network-admin role can create interfaces.
Customers Also Viewed These Support Documents