Re: Making ACS 5.3 work correctly with NCS

steve switzer · ‎06-19-2012

Hi All

I am trying to get the ACS 5.3 to work with NCS but cannot make it work correctly.

I have looked at this link -

http://www.cisco.com/en/US/products/ps6305/products_tech_note09186a0080b904a4.shtml

But this does not show how the ACS referencing AD groups would work when determining

which custom attributes to use.

On the ACS 5.3 i have set up the following -

The ad is working and in Users and identity stores/External identity stores/Active Directory then my AD test works fine.

I have set up the Users and Identity stores/Identity Groups with appropriate ip s.

I have configured the Network Device Groups/Network Devices and AAA Clients with the ip address and Authenication optionsA

In Policy Elements/Authorisation and Permissions/device administration/shell profiles

I have creeated a shell profile called network shell pro

which das a common tasks of def priv = 0 and max priv = 15

Custom attributes of the following -

role0 Mandatory Admin

task7 Mandatory Administration Menu Access

task69 Mandatory Home menu access

virtual-domain1 Mandatory CRUK

task80 Mandatory License Check

virtual-domain0 Mandatory ROOT-DOMAIN

IN Access Policies/Access services/Default Device Admin

i have identity and Authorisation ticked -

identity = AD1

Authorisation =

name AD1:External groups Compound Condition NDG:Device Type NDG:Location time/date identity group shell profile

Rule-1 ANY AD Group In all device types:Cisco Prime Any any any network shell pro

Now i can get into the NCS but i do not see any of the administration buttons on NCS - so

this means the custom attributes are not working.

Any ideas on why this is not working - i shouldnt need a user for this on the ACS as its using AD !!!

Thanks in Advance

Steve

usnetworkguy · ‎10-10-2012

Hello

Please find the attached. I added all in the the screen shots to make it work.

Thanks

Reginald Pugh · ‎03-22-2013

Hi usnetworkguy. Can you make that rft a .txt document ? Having same issue.

kimreck · ‎09-16-2013

role0=Admin

task0=Users and Groups

task1=Audit Trails

task2=TACACS+ Servers

task3=RADIUS Servers

task4=Logging

task5=License Center

task6=Scheduled Tasks and Data Collection

task7=User Preferences

task8=System Settings

task9=View Alerts and Events

task10=Email Notification

task11=Delete and Clear Alerts

task12=Pick and Unpick Alerts

task13=Configure Controllers

task14=Configure Templates

task15=Configure Config Groups

task16=Configure Access Points

task17=Configure Choke Points

task18=Monitor Controllers

task19=Monitor Access Points

task20=Monitor Clients

task21=Monitor Tags

task22=Monitor Security

task23=Monitor Chokepoints

task24=Mesh Reports

task25=Client Reports

task26=Performance Reports

task27=Security Reports

task28=Location Server Management

task29=View Location Notifications

task30=Maps Read Only

task31=Maps Read Write

task32=Client Location

task33=Rogue Location

task34=Planning Mode

task35=Ack and Unack Alerts

task36=Migration Templates

task37=Configure Spectrum Experts

task38=Monitor Spectrum Experts

task39=Virtual Domain Management

task40=Scheduled Configuration Tasks

task41=Configure ACS View Servers

task42=Auto Provisioning

task43=RRM Dashboard

task44=Voice Audit Report

task45=Config Audit Dashboard

task46=High Availability Configuration

task47=Health Monitor Details

task48=Configure WIPS Profiles

task49=Global SSID Groups

task50=WIPS Service

task51=Configure Lightweight Access Point Templates

task52=Configure Autonomous Access Point Templates

task53=Guest Reports

task54=Configure Ethernet Switch Ports

task55=Configure Ethernet Switches

task56=Device Reports

task57=Network Summary Reports

task58=Compliance Reports

task59=Report Launch Pad

task60=Run Reports List

task61=Saved Reports List

task62=Report Run History

task63=Monitor Interferers

task64=CleanAir Reports

task65=Automated Feedback

task66=TAC Case Attachment Tool