08-29-2013 10:55 PM - edited 03-10-2019 08:50 PM
Hi,
I have configured the Tacacs (ACS 4.2v) on Nexus 7000 (as mentioned below) and works fine but unlike IOS (6509) It's doesn't prompt that you are in userexec mode (>) and then need to type enable and password for full privilege.
In n7k when I entered into "configure terminal" It won't allow me to access other commands.
How to login into level 15 privilege mode after authenticating from tacacs
(config)# show running-config tacacs+
tacacs-server key 7 "xxxxx"
tacacs-server host x.x.x.x key 7 "xxxx"
aaa group server tacacs+ TacServer
server x.x.x.x (same ip as tacacs-server host)
use-vrf management
source-interface Vlan2
(config)# show running-config aaa
aaa authentication login default group TacServer
aaa authentication login console local
aaa user default-role
Here below are the commands accessible in "Terminal" currently
(config)# ?
no Negate a command or set its defaults
username Configure user information.
end Go to exec mode
exit Exit from command interpreter
isb.n7k-dcn-agg-1-sw(config)#
09-03-2013 11:24 AM
I'm not 100% sure about ACS 4.2, as i have only tried this in ACS 5.x, but there you needed to send a shell profile back to the nexus, with this line for exec mode :
shell:roles=
"network-admin"
09-03-2013 08:06 PM
Hi Jan.nielsen
Issue is resolved but by another way.
I have found the same resolution too of custom attirbute command but the Custom attribute Option for shell command wasn't available in ACS v4.2, so after enabling shell for users and by clicking exec--> Shell Exec and enabling priviledge level 15 in the same box of Shell options, It start working without any command
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide