Brocade TACACS authorization with Cisco ISE

Hi,

I have an issue with configuring TACACS authorization through Cisco ISE for some HPE B-Series switches, model is SN65000B (equivalent to Brocade 6520), Brocade FOS is v8.0.2c. We have followed the instructions in the Brocade Admin guide and can log on to the switch via a TACACS account. We get admin rights as expected, but admin privilege for the Chassis Role isn't coming through.

TACACS configuration on Cisco ISE is:

   brcd-role = admin
   brcd-AV-Pair1 = "homeLF=128;LFRoleList=admin:1-128"
   brcd-AV-Pair2 = "chassisRole=admin"

Switch output for TACACS user is:

Account name: testuser
Description: Remote Account
Enabled: Yes
Password Last Change Date: Unknown (UTC)
Password Expiration Date: Not Applicable (UTC)
Locked: No
Home LF Role: admin
Role-LF List: admin: 1-128
No chassis permission
Home LF: 128
Day Time Access: N/A

We have tried changing the capitalisation of the role names and privileges, but that doesn't have any effect. We have also tried joining the 'brcd-AV-Pair1' and 'brcd-AV-Pair2' parameters into just one 'brcd-AV-Pair1' entry, but that doesn't have any effect either.


Anybody have any ideas what is wrong and how we can fix?

1 Reply 1

rpr910
Level 1

Having the same issue here.  Any fix?