cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
407
Views
0
Helpful
1
Replies

Problem setting Shell Profile attributes in ACS 5.4

Hi, all

we have a couple of ACS with version Cisco Secure ACS 5.4.0.46.6, and we are trying to add custom attributes in a new shell profile for setting the privilege level for Nexus switches, according to: 

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115925-nexus-integration-acs-00.html

and

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115926-tacacs-radius-devices-00.html#ns

The problem is setting the attribute/value pair, since when we use:

Attribute: cisco-av-pair

Requirement: Optional and Mandatory (we have tried both)

Value: shell:roles*"network-admin vdc-admin"

we add it, and when we submit the custom attribute, ACS GUI gets logged out, not saving anything at all.

We have checked that the problem is adding quotation marks in the value text field. If we remove "", it doesn't log out, but the attribute is not correctly provided. Quotation marks seem to be necessary for our requirement. We have tried on Internet Explorer 11 and Firefox 43 with similar results. Any idea how to solve this?

Thanks is advance!

Ivan

1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

Ivan,

Interesting - I tested this on ACS 5.4 ( with no patches) - worked.

                    Applied patch 6 on top of ACS 5.4 - broke

                    Applied patch 8 on top of 5.4 patch 6 - worked.

                    Tested with ACS 5.7 ( with no patches) - Worked.

Patch your ACS with patch 8 and report back.

Regards,

Jatin

~Jatin