How to control command on Nexus switch with ACS based on priv level

kay.kang
Beginner

Hi,

We want to allow some ReadOnly users to run the show running command on a Nexus switch, but still not allow them to make any configuration changes. It seems RO users can enter some commands, but they can't run the show run command yet. The following snapshots show our setup for the ReadOnly access policy on ACS.

How can we make this work?

 

[Attachments: ACS setup_1.JPG, ACS setup_2.JPG]

2 Replies

Greg Gibbs
Cisco Employee

NX-OS uses Roles to assign privileges, so you would need to use either the network-operator or vdc-operator role, or create a custom role.

See an example in the Cisco ISE Device Administration Prescriptive Deployment Guide

More information on RBAC can be found here (assuming Nexus 9000):
https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/104x/configuration/security/cisco-nexus-9000-series-nx-os-security-configuration-guide-release-104x/m-configuring-user-accounts-and-rbac.html
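
The role-based approach described in this reply, as an added configuration sketch that is not part of the original post or of Cisco's guide. The role name `ro-showrun` and the user name `alice` are hypothetical, and the ACS side is assumed to be a shell profile that can return a custom attribute to the switch.

```text
! --- NX-OS side -------------------------------------------------------
! Custom role (hypothetical name): read-only access plus an explicit
! permit for the one command the read-only users are missing.
role name ro-showrun
  description Read-only operators allowed to view the running config
  rule 2 permit read
  rule 1 permit command show running-config

! --- ACS side (shell profile, custom attribute) -----------------------
! Return the role name to the switch in the authorization response:
!
!   Attribute : shell:roles
!   Value     : "ro-showrun"
!
! As a Cisco AV pair this is written:
!   shell:roles="ro-showrun"
!
! NX-OS maps the authenticated remote user to the named role, so the
! role has to exist on every switch that will receive this attribute.

! --- Verification on the switch ---------------------------------------
! Confirm the rules were accepted:
show role name ro-showrun
! After the user (hypothetical: alice) logs in through AAA, confirm
! which role the session was given:
show user-account alice
```

The role is assigned from the attribute returned at login, so the privilege level configured for IOS devices does not decide what the user can run on NX-OS. When no role attribute is returned, NX-OS falls back to its default role for remote users.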

 

Do I have to manually create a user account on the switch? How can NX-OS RBAC work with an existing access control server (ACS in our case)?
