03-25-2013 09:43 PM - edited 03-10-2019 08:14 PM
Hi
I am trying to assign the right role to a user who authenticates to a Nexus 7k switch via RADIUS. I am using Cisco ISE version 1.1.1.268 and the Nexus version is 5.0.2.
I have created a role on the Nexus:
role name network-XXX
rule 2 permit read
rule 1 permit command show running-config
On the ISE, I have created an authorization profile:
Cisco:cisco-av-pair= shell:roles*"network-XXX"
In the ISE authentication result, I can see that "network-XXX" is passed on to the Nexus, but the switch fails to understand it and doesn't allow me to issue the command show running-config.
I have tried various iterations of the ISE attribute, i.e.
shell:roles*"network-operator network-XXX"
shell:roles=network-XXX
shell:roles*"network-XXX vdc-admin"
None of them seem to work.
Anyone with any ideas?
04-05-2013 07:53 PM
Hello Manish,
The switch that you have deployed, i.e. the Nexus 7k series, does not support the features of ISE 1.1.1. For your reference, please go through the link below:
http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html
04-13-2016 01:29 AM
Hello Harvisin,
Does Nexus support RADIUS authentication with ISE 1.3? We have integrated all the access switches for AAA/RADIUS authentication with ISE.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/compatibility/ise_sdt.html
Nexus switches are not reflected in the above ISE 1.3 compatibility matrix chart.
Regards,
Deepu