Solved: Re: Nexus 9K REST API authentication using ISE

martaylor · ‎12-13-2019

Hello

Can anyone help with a config issue I have.

A customer has requested REST API access onto their N9Ks using the role=nxdb-admin.

All access to the N9Ks is via TACACS using an ISE running 2.4

I have tried to setup a new TACACS profile on the ISE for Nexus devices with the role nxdb-admin however it never gets saved, i have tried setting it as optional or mandatory

Any advice on how to do this or what I am doing wrong or does it need a role on the ISE when accessing N9Ks using the rest API

Thanks

Martyn

Colby LeMaire · ‎12-13-2019

You should be able to add the role as an AV pair in your shell profile. You could even just type it in on the "Raw View" screen within the shell profile configuration. It will let you save anything there. If you want it to contain the "=" sign, then it needs to be mandatory instead of optional. If that doesn't work on the Nexus itself, you may have to use roles="nxdb-admin".

View solution in original post

Colby LeMaire · ‎12-13-2019

You should be able to add the role as an AV pair in your shell profile. You could even just type it in on the "Raw View" screen within the shell profile configuration. It will let you save anything there. If you want it to contain the "=" sign, then it needs to be mandatory instead of optional. If that doesn't work on the Nexus itself, you may have to use roles="nxdb-admin".

hslai · ‎12-15-2019

Colby.LeMaire is correct. However, you would need to switch the common task type to Generic.

(view in My Videos)