The following guide shows how to return a TACACS attribute in ACS 5 defining the role a user should be placed into on Nexus 5K switches that use Role Based Access Control (RBAC).
This guide makes the following assumptions:
You are using the TACACS protocol to authenticate RBAC users on a Nexus 5000 switch.
Your ACS service selection rules direct all TACACS requests to the "Default Device Admin" access service.
The switch is already added as a network device in a network device group specifically for Nexus switches.
Users are already mapped to an Identity Group on ACS that will then map to their role on Nexus.
Create an Authorization Policy rule to match the user and device criteria as shown below:
Create a Shell Profile to return the required attributes. In the following example the user will be placed into the "Network-Admin" role:
Map the Shell Profile to the Authorization Policy rule:
Log into the Nexus switch. To confirm that the rule has been successfully matched, check the hit count next to the rule in ACS. Note that you may need to refresh the hit count status by clicking on the hit count button in the bottom right hand corner, and then refresh.
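The attribute and switch-side settings this procedure relies on, as an added example that is not part of the original guide. The server address 192.0.2.10, the group name ACS, the management VRF, the key placeholder and the test user are assumptions; `shell:roles` is the attribute NX-OS reads for role assignment per Cisco's NX-OS documentation, not a value recovered from this page.

```text
! --- ACS 5 Shell Profile, Custom Attributes tab (assumed values) ---
!   Attribute:    shell:roles
!   Requirement:  Mandatory
!   Value:        "network-admin"     <- the double quotes are part of the value;
!                                        the role name must match a role that
!                                        exists on the switch

! --- Nexus 5000: send logins to ACS over TACACS+ (assumed addressing) ---
feature tacacs+
tacacs-server host 192.0.2.10 key <shared-secret>
aaa group server tacacs+ ACS
  server 192.0.2.10
  use-vrf management
aaa authentication login default group ACS

! --- Verification on the switch ---
! Confirm the server is reachable and the credentials are accepted:
test aaa group ACS <username> <password>
! After the user logs in, confirm which role the session received:
show user-account
! List the roles defined on the switch and the rules attached to each:
show role
```

The network-admin role grants full read-write access to the switch, so map only the Identity Groups that need it and return a more restricted role such as network-operator for everyone else.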