How to have different Roles on different VDC's?

000node000
Level 1

I have ACS 5.3 running TACACS+ and Nexus 7K with 2 x non-default VDC's, VDC-OTV and VDC-CR.

I want my TACACS account to have role "vdc-admin" on VDC-CR, and "vdc-operator" on VDC-OTV.

What is the best way to achieve this?

I tried putting the VDC's into different Network Device Groups, with VDC-CR being in an Authorization Rule that associated the Device Group with the "vdc-admin" Shell Profile.

But I'm getting the same roles on both VDC's--both get whatever role is in the Shell Profile.

It's possible I'm not organizing the Devices and Network Device Groups correctly. It seems to me when I add a new Device, it knows about all the Device Groups, and the IP range and exclude syntax seems to be a pain. I have existing Device Groups, one with a 10.10.*.* IP range, and I'm trying to isolate these two VDC's out of that IP range into their own individual Device Groups.

Thanks!

1 Reply

Amjad Abdullah
VIP Alumni

Choi:

Post us some screenshots from your ACS configuration (policies, autho profiles, etc.) so we can give them a look.

Rating useful replies is more useful than saying "Thank you"