I'm looking for a way to have multiple roles in the TACACS+ configuration on the ACS (4.1), so that I can have CLI read-write access on Nexus switches and also read-write (admin) access on UCS Manager, which is web-based.
Is this possible? network-admin works on the Nexus, but I'm read-only if I log in to UCS Manager.
I've tried some things in an ACS test group, but it doesn't work yet.
Does someone know if this is possible and what syntax is correct?
I've tried different kinds of syntax like the following, but no luck yet. Only the first entry works, in this case admin aaa:
cisco-av-pair*shell:roles="admin aaa" shell:roles="network-admin"
Like I said, I'm not sure if this is even possible.
Thanks in advance!
Hi Veer Pratap,
What ACS code are you using (ACS 4.x or ACS 5.x)?
Configuring ACS 5.x to authenticate Role Based Access Control (RBAC) users on a Nexus 5000 switch via TACACS
In case you're using ACS 4.x then you can configure this attribute per user or per group.
First, go to Interface Configuration -> TACACS+ and enable "Display a window for each service selected in which you can enter customized TACACS+ attributes".
Next, go to the user or group where you want to grant this role and check the box next to "Shell (exec)" and in the custom attributes field below add the role assignment.
If you will be authenticating on both NX-OS and UCS devices, use * instead of = to make the role optional or the UCS devices will fail authorization.
**Do rate helpful posts**
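The reply above hinges on the difference between a mandatory attribute (written with `=`) and an optional one (written with `*`) in a TACACS+ authorization reply. In the TACACS+ protocol (RFC 8907, section 6.1) a client that receives a mandatory attribute it does not understand must treat the authorization as failed, while an unknown optional attribute is simply ignored. The following Python model is an added example, not code from either poster or from Cisco; it parses AV pairs the way a TACACS+ client does and runs them against two constructed, hypothetical devices (one that understands `shell:roles`, one that does not) to show why `*` lets one ACS attribute set serve devices with different attribute support. It does not claim to reproduce UCS Manager's actual behaviour.

```python
"""Model of TACACS+ authorization attribute handling (RFC 8907, section 6.1).

An AV pair is "attr=value" (mandatory) or "attr*value" (optional); the
separator is the first '=' or '*' in the string. A client that does not
understand a mandatory attribute MUST fail the authorization; an unknown
optional attribute is ignored. Devices below are hypothetical, constructed
only to illustrate the rule.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class AVPair:
    attr: str
    value: str
    mandatory: bool


def parse_av_pair(raw: str) -> AVPair:
    """Split a raw AV pair on its first '=' (mandatory) or '*' (optional)."""
    for i, ch in enumerate(raw):
        if ch in "=*":
            return AVPair(attr=raw[:i], value=raw[i + 1:], mandatory=(ch == "="))
    raise ValueError(f"no '=' or '*' separator in AV pair: {raw!r}")


def authorize(av_pairs: Iterable[str], understood: Set[str]) -> Tuple[bool, List[str]]:
    """Evaluate server-supplied AV pairs as a client would.

    Returns (ok, roles). ok is False as soon as a mandatory attribute the
    client does not understand is seen. Roles are collected from every
    shell:roles attribute the client accepts; the value is a quoted,
    space-separated list (e.g. "admin aaa").
    """
    roles: List[str] = []
    for raw in av_pairs:
        pair = parse_av_pair(raw)
        if pair.attr not in understood:
            if pair.mandatory:
                return False, []      # RFC 8907: unknown mandatory attribute -> fail
            continue                  # unknown optional attribute -> ignore
        if pair.attr == "shell:roles":
            roles.extend(pair.value.strip('"').split())
    return True, roles


# Constructed sample replies, as an ACS shell (exec) profile might send them.
MANDATORY_REPLY = ['shell:roles="network-admin"']
OPTIONAL_REPLY = ['shell:roles*"network-admin"', "priv-lvl=15"]

# Hypothetical clients: one knows shell:roles, the other only priv-lvl.
ROLE_AWARE_DEVICE = {"shell:roles", "priv-lvl"}
PRIV_LVL_ONLY_DEVICE = {"priv-lvl"}


if __name__ == "__main__":
    for name, reply in (("mandatory", MANDATORY_REPLY), ("optional", OPTIONAL_REPLY)):
        for dev_name, dev in (("role-aware", ROLE_AWARE_DEVICE), ("priv-lvl-only", PRIV_LVL_ONLY_DEVICE)):
            ok, roles = authorize(reply, dev)
            print(f"{name:9} reply -> {dev_name:13} device: ok={ok} roles={roles}")
```

Run stand-alone, the script shows the mandatory reply failing on the device that does not know `shell:roles`, while the optional form is accepted everywhere and still yields `network-admin` on the device that does understand it. That is the practical reason to prefer `*` when a single ACS group must serve more than one device type.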