cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

196
Views
0
Helpful
1
Replies
Beginner

DCNM 11.2.1 Authorization with Cisco ISE 2.2

Hi, we have recently installed Cisco DCNM 11.2.1 and enabled AAA with Cisco ISE as TACACS+ server. At the Cisco ISE server I have configured the TACACS profile with the custom attribute set to Mandatory name shell:roles  and value network-admin. Authentication works fine, so I can login, only not as an admin. In the tacacs log there are messages that the right tacacs profile is selected and the attribute is send in the response:

Authorization Attributes

All Request Attribuescisco-av-pair* ,shell:roles*
All Response Attribuesshell:roles=network-admin

and the response is also send, it does mention AVPair not cisco-av-pair, so maybe that is the problem:

Response{Author-Reply-Status=PassRepl; AVPair=shell:roles=network-admin; }

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: DCNM 11.2.1 Authorization with Cisco ISE 2.2

problem is fixed. in ISE I have created a separate tacacs profile with the name cisco-av-pair and the value shell:roles="network-admin". 

1 REPLY 1
Beginner

Re: DCNM 11.2.1 Authorization with Cisco ISE 2.2

problem is fixed. in ISE I have created a separate tacacs profile with the name cisco-av-pair and the value shell:roles="network-admin". 

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards