07-29-2024 09:26 PM
How to enforce TACACS commands in the ACI APIC controller? I referred to this document and successfully integrated - https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-32/220433-configure-apic-for-device-administration.html
But how do I restrict an L1 or L2 user to a few commands or access to a few devices?
07-29-2024 11:36 PM
You would need to create a custom Role in APIC with the required users and permissions and have ISE send the respective Cisco AV-pair for the respective TACACS Profile.
https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/6x/security-configuration/cisco-apic-security-configuration-guide-60x/access-authentication-and-accounting-60x.html#concept_78EBA92DE8D546F999226ABA6EBE3072
07-30-2024 06:02 AM
Thank you Greg,
Can you help with what values should be in the Cisco AV-Pair, like an example?
07-30-2024 03:06 PM
There is an example and formatting information in the document that was shared. If you're looking for help creating and defining the Role and Permissions for your use case, that would be a better question for the ACI Community space.
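An added example, not part of the thread or of Cisco's documentation: a small Python check that parses the `shell:domains` AV-pair ISE would return and flags grants that are broader than an L1/L2 role should get. It assumes the `domain/writeRoles/readRoles` layout (roles separated by `|`, domains by `,`, optional UNIX user ID in parentheses) described in the APIC security configuration guide; the domain name `tenantA` and the roles `l1-readonly` and `l2-ops` are constructed sample values.

```python
import re

# Assumed grammar (from the APIC AAA guide, not from this thread):
#   shell:domains = dom/write1|write2/read1|read2,dom2/...(unixId)
AVPAIR_RE = re.compile(r"^shell:domains\s*=\s*(?P<body>.+?)(?:\((?P<uid>\d+)\))?$")

def parse_avpair(value):
    """Split one AV-pair into per-domain write/read role lists plus optional UNIX ID."""
    m = AVPAIR_RE.match(value.strip())
    if not m:
        raise ValueError("not a shell:domains AV-pair")
    grants = []
    for entry in m.group("body").split(","):
        parts = entry.strip().split("/")
        if len(parts) != 3 or not parts[0]:
            raise ValueError(f"expected domain/write/read, got {entry!r}")
        domain, write, read = parts
        grants.append({
            "domain": domain,
            "write": [r for r in write.split("|") if r],
            "read": [r for r in read.split("|") if r],
        })
    uid = int(m.group("uid")) if m.group("uid") else None
    return grants, uid

def review(value):
    """Return least-privilege findings for one AV-pair (empty list = nothing flagged)."""
    grants, _ = parse_avpair(value)
    findings = []
    for g in grants:
        if not g["write"] and not g["read"]:
            findings.append(f"{g['domain']}: no roles granted")
        if g["write"] and g["domain"] == "all":
            findings.append("write roles granted in domain 'all'")
        if "admin" in g["write"]:
            findings.append(f"{g['domain']}: admin write role")
    return findings

# Constructed sample values for three TACACS profiles.
SAMPLES = {
    "L1": "shell:domains = tenantA//l1-readonly",
    "L2": "shell:domains = tenantA/l2-ops/,common//read-all(16003)",
    "too-broad": "shell:domains = all/admin/",
}

if __name__ == "__main__":
    for profile, avpair in SAMPLES.items():
        print(profile, parse_avpair(avpair), review(avpair))
```

The custom roles named in the AV-pair must already exist on the APIC with the intended privileges; the AV-pair only selects them per security domain.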