09-12-2023 06:01 PM
Hi,
We want to allow some ReadOnly users to run the show running command on a Nexus switch, but still not allow them to make any configuration changes. It seems RO users can enter some commands, but they can't enter the show run command yet. The following snapshots show our setup for the ReadOnly access policy on ACS.
How can we make this work?
09-12-2023 07:41 PM
NX-OS uses Roles to assign privileges, so you would need to use either the network-operator or vdc-operator role, or create a custom role.
See an example in the Cisco ISE Device Administration Prescriptive Deployment Guide.
More information on RBAC can be found here (assuming Nexus 9000):
https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/104x/configuration/security/cisco-nexus-9000-series-nx-os-security-configuration-guide-release-104x/m-configuring-user-accounts-and-rbac.html
09-12-2023 08:54 PM - edited 09-12-2023 08:58 PM
Do I have to manually create a user account on the switch? How can NX-OS RBAC work with an existing access control server (ACS in our case)?