Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6257
Views
0
Helpful
8
Replies

Nexus 7000 and ACS AV-PAIRS

cochambe
Level 1
Level 1

‎12-03-2009 09:33 AM - edited ‎03-10-2019 04:49 PM

Dear all,

I'm having an issue with TACACS+ AAA setup with a Nexus 7000 running 4.2(2a) and ACS 4.2. I've added the av-pair string of 

shell:roles="network-operator vdc-admin" into the TACACS+ settings under the group custom attributes. When I log in I the login hangs
waiting for the custom attribute pair to respond back the switch which it doesn't seem to do and it then dumps me into vdc-operator role and not the
vdc-admin role.

Can any one give me any additional pointers? 

Thanks in advance,

Col

1 person had this problem
Labels:
0 Helpful
8 Replies 8

cochambe
Level 1
Level 1

‎12-08-2009 02:31 AM

All,

Just for reference we've fixed this. The based VDC always seemed to honour the PRIV 15 under the ACS group and gave you network-admin, the correct syntax for vdc-admin passthrough on the av-pair is:

shell:user=admin-vdc

That's all you need.

Regards,

Col

0 Helpful

cratejockey
Level 1
Level 1
In response to cochambe

‎02-08-2010 11:52 AM

Colin,

I saw your post and figured I would give you a shout.  I have a client with a 7K installed.  We are running ACS 4.2 and all network equipment is functioning with the exception of the 7K.

We keep getting:

TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

Do you have a sample of your config for your 7K?  Did you have to do anything special in ACS for it to talk to the 7K?  Been beating my head on this for a few weeks and the Cisco Config guides don't solve my issue.  Follow them to a tee and still does not work.

Thanks,

Josh

0 Helpful

khwajanusrat
Level 1
Level 1
In response to cratejockey

‎02-23-2010 09:18 AM

Hi,

I am also getting this message repeatedly on my NX5000, although the authentication and authorization are working fine. Will appreciate any clues. thanks

%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

0 Helpful

khwajanusrat
Level 1
Level 1
In response to cratejockey

‎02-23-2010 02:03 PM

Hi Colin Chambers,

Can you please post the error and the current config for tacacs on NX7000.

0 Helpful

veer.pratap
Level 1
Level 1
In response to cochambe

‎07-22-2013 10:14 AM

Hi Colin,

Can u help me to resolve the issue of ACS 4.2 with nexus 7k. wat configuration u did in ACS ?

Regards,

Veer Pratap Singh

0 Helpful

brian.holmes
Level 1
Level 1

‎02-16-2011 07:09 AM

My server was sending minor version 0 instead of 1 when I saw the same error message.

Brian Holmes
Verizon
0 Helpful

Yun Pan
Level 1
Level 1

‎05-16-2013 01:24 PM

0 Helpful

brian.holmes
Level 1
Level 1

‎07-23-2013 10:27 AM

One other thing I had to send was TACACSPLUS-Priv-Level = ROOT

which by the way was not in any manual.  

Brian Holmes
Verizon
0 Helpful
Customers Also Viewed These Support Documents