ISE with Cisco ACI

manvik
Level 3

How to enforce TACACS commands in the ACI APIC controller? I referred to this document and successfully integrated - https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-32/220433-configure-apic-for-device-administration.html

But how to restrict an L1 or L2 user to a few commands or access to a few devices?

3 Replies

Greg Gibbs
Cisco Employee

You would need to create a custom Role in APIC with the required users and permissions and have ISE send the respective Cisco AV-pair for the respective TACACS Profile.
https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/6x/security-configuration/cisco-apic-security-configuration-guide-60x/access-authentication-and-accounting-60x.html#concept_78EBA92DE8D546F999226ABA6EBE3072

manvik
Level 3

Thank you Greg,
Can you help with what values should be in the Cisco AV-Pair, like an example?

There is an example and formatting information in the document that was shared. If you're looking for help creating and defining the Role and Permissions for your use case, that would be a better question for the ACI Community space.
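
An added example, not part of the thread and not Cisco's code: a small Python check that parses the AV-pair string an ISE TACACS Profile would send and flags anything broader than a read-only, domain-scoped L1 profile. It assumes the `shell:domains = domain/writeRoles/readRoles` format described in the APIC AAA documentation linked above; the role name `l1-noc` and security domain `dc1-tenants` are hypothetical.

```python
import re

# Assumed format (APIC AAA documentation):
#   shell:domains = domA/writeRole1|writeRole2/readRole1|readRole2,domB/...(uid)
AVPAIR_RE = re.compile(r"^shell:domains\s*=\s*(?P<body>[^()]+?)(?:\((?P<uid>\d+)\))?$")

def parse_avpair(value):
    """Split an APIC cisco-av-pair into (entries, optional UNIX uid)."""
    m = AVPAIR_RE.match(value.strip())
    if not m:
        raise ValueError("not a shell:domains AV-pair: %r" % value)
    entries = []
    for chunk in m.group("body").split(","):
        parts = chunk.strip().split("/")
        # Each entry needs exactly three fields, even if a role list is empty.
        if len(parts) != 3 or not parts[0]:
            raise ValueError("expected domain/writeRoles/readRoles, got %r" % chunk)
        domain, write, read = parts
        entries.append({
            "domain": domain,
            "write": [r for r in write.split("|") if r],
            "read": [r for r in read.split("|") if r],
        })
    uid = int(m.group("uid")) if m.group("uid") else None
    return entries, uid

def audit_read_only(value, allowed_domains):
    """Return findings for a profile meant to be read-only and domain-scoped."""
    findings = []
    entries, _ = parse_avpair(value)
    for e in entries:
        if e["write"]:
            findings.append("write roles %s in domain %s" % (e["write"], e["domain"]))
        if e["domain"] not in allowed_domains:
            findings.append("domain %s outside allowed scope" % e["domain"])
        if not e["write"] and not e["read"]:
            findings.append("no roles in domain %s" % e["domain"])
    return findings

# Constructed sample values; "l1-noc" and "dc1-tenants" are hypothetical names.
L1_PROFILE = "shell:domains = dc1-tenants//l1-noc"
TOO_BROAD = "shell:domains = all/admin/"
```

Running `audit_read_only` over each TACACS Profile value before it is saved in ISE catches a write role or an `all` domain slipping into an L1 or L2 profile.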