cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1889
Views
0
Helpful
3
Replies

Making ACS 5.3 work correctly with NCS

steve switzer
Level 1
Level 1

Hi All

I am trying to get the ACS 5.3 to work with NCS but cannot make it work correctly.

I have looked at this link -

http://www.cisco.com/en/US/products/ps6305/products_tech_note09186a0080b904a4.shtml

But this does not show how the ACS referencing AD groups would work when determining

which   custom attributes to use.

On the ACS 5.3 i have set up the following -

The ad is working and in        Users and identity stores/External identity stores/Active Directory then my AD test works fine.

I have set up the  Users and Identity stores/Identity Groups with appropriate ip s.

I have configured the Network Device Groups/Network Devices and AAA Clients with the ip address and Authenication optionsA

In Policy Elements/Authorisation and Permissions/device administration/shell profiles

I have creeated a shell  profile called network shell pro

which das a common tasks of def priv = 0 and max priv = 15

Custom attributes of the following -

role0     Mandatory         Admin

task7    Mandatory         Administration Menu Access

task69   Mandatory        Home menu access

virtual-domain1   Mandatory  CRUK

task80    Mandatory      License Check

virtual-domain0    Mandatory   ROOT-DOMAIN

IN Access Policies/Access services/Default Device Admin

i have identity and Authorisation ticked -

identity = AD1

Authorisation =

name      AD1:External groups          Compound Condition   NDG:Device Type                          NDG:Location time/date identity group shell profile

Rule-1      ANY                                AD Group                   In all device types:Cisco Prime     Any                   any        any               network shell pro

Now i can get into the NCS but i do not see any of the administration buttons on NCS - so

this means the custom attributes are not working.

Any ideas on why this is not working - i shouldnt need a user for this on the ACS as its using AD !!!

Thanks in Advance

Steve

3 Replies 3

usnetworkguy
Level 1
Level 1

Hello

Please find the attached. I added all in the the screen shots to make it work.

Thanks

Hi usnetworkguy. Can you make that rft a .txt document ?  Having same issue.

role0=Admin
task0=Users and Groups
task1=Audit Trails
task2=TACACS+ Servers
task3=RADIUS Servers
task4=Logging
task5=License Center
task6=Scheduled Tasks and Data Collection
task7=User Preferences
task8=System Settings
task9=View Alerts and Events
task10=Email Notification
task11=Delete and Clear Alerts
task12=Pick and Unpick Alerts
task13=Configure Controllers
task14=Configure Templates
task15=Configure Config Groups
task16=Configure Access Points
task17=Configure Choke Points
task18=Monitor Controllers
task19=Monitor Access Points
task20=Monitor Clients
task21=Monitor Tags
task22=Monitor Security
task23=Monitor Chokepoints
task24=Mesh Reports
task25=Client Reports
task26=Performance Reports
task27=Security Reports
task28=Location Server Management
task29=View Location Notifications
task30=Maps Read Only
task31=Maps Read Write
task32=Client Location
task33=Rogue Location
task34=Planning Mode
task35=Ack and Unack Alerts
task36=Migration Templates
task37=Configure Spectrum Experts
task38=Monitor Spectrum Experts
task39=Virtual Domain Management
task40=Scheduled Configuration Tasks
task41=Configure ACS View Servers
task42=Auto Provisioning
task43=RRM Dashboard
task44=Voice Audit Report
task45=Config Audit Dashboard
task46=High Availability Configuration
task47=Health Monitor Details
task48=Configure WIPS Profiles
task49=Global SSID Groups
task50=WIPS Service
task51=Configure Lightweight Access Point   Templates
task52=Configure Autonomous Access Point   Templates
task53=Guest Reports
task54=Configure Ethernet Switch Ports
task55=Configure Ethernet Switches
task56=Device Reports
task57=Network Summary Reports
task58=Compliance Reports
task59=Report Launch Pad
task60=Run Reports List
task61=Saved Reports List
task62=Report Run History
task63=Monitor Interferers
task64=CleanAir Reports
task65=Automated Feedback
task66=TAC Case Attachment Tool