Cisco Nexus - User administration

enazevedo
Level 1

In addition to TACACS+, is there some segregation for administrators of Nexus?

This issue arose with the arrival of Nexus in our network, and we have two separate support teams, one for LAN and another for SAN.

Regards,

E. Azevedo

4 Replies

rkirkeby
Level 1

Yes, the Nexus also operates with roles. You can use the predefined roles or define your own; following that, you associate different usernames with these roles, or if you use ACS you can define Shell profiles that will do the same.

I used this guide when I configured it for our setup.

http://www.cisco.com/en/US/products/ps9670/products_configuration_example09186a0080b2f941.shtml

Hope it helps.

Rene, tks for the reply!

But actually, I'm looking for a simpler segregated access. Now that I understand the concept of RBAC through your link, I'm looking for something like this:

role: network-lan-administrador

role: network-san-administrador

Without having to manually set which commands each administrator has permission for.

Regards.

If you can settle with the two predefined roles, which are

network-admin (superuser)—Complete read and write access to the entire switch.

network-operator—Complete read access to the switch.

In that case you just need to define the users in the switch

username USER1 password 5 XXXXXXXXXXX role network-admin

username USER2 password 5 XXXXXXXXXXX role network-operator

username USER3 password 5 XXXXXXXXXXX role network-operator

etc

Or do you require all admins to have some degree of write access? In this case you will have to create your own roles and subsequently assign them to the users, but you don't have to define a separate role for each individual user. I would guess your LAN administrator will have full access, so for these you can use the network-admin role; then you just need to define the san-administrator role and its commands.

That's a way Rene...

Tks for your attention.
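
Once local users are tied to roles as described in the replies above, the assignments can be checked against the LAN/SAN team split. The following is an added example, not part of the original thread or Cisco's documentation: a small Python audit over `username ... role ...` and `role name ...` lines. The roster, the team-to-role policy and the sample configuration are constructed assumptions, and the predefined role set holds only the two roles named in the thread.

```python
import re

# Predefined roles named in the thread; extend for your platform (assumption).
PREDEFINED = {"network-admin", "network-operator"}

USER_RE = re.compile(r"^username\s+(\S+)\b.*?\brole\s+(\S+)\s*$")
ROLE_RE = re.compile(r"^role name\s+(\S+)\s*$")

def audit(config, roster, allowed):
    """Return sorted findings as (user, role, reason) tuples.

    roster:  user -> team (hypothetical source of truth, e.g. an IAM export)
    allowed: team -> set of roles that team may hold
    """
    defined = set(PREDEFINED)
    grants = []
    for line in config.splitlines():
        line = line.strip()
        m = ROLE_RE.match(line)
        if m:
            defined.add(m.group(1))      # custom role defined on the switch
            continue
        m = USER_RE.match(line)
        if m:
            grants.append((m.group(1), m.group(2)))
    findings = []
    for user, role in grants:            # evaluated after all roles are known
        team = roster.get(user)
        if team is None:
            findings.append((user, role, "account not in roster"))
        elif role not in allowed.get(team, set()):
            findings.append((user, role, f"role not allowed for team {team}"))
        if role not in defined:
            findings.append((user, role, "role has no 'role name' definition"))
    return sorted(findings)

# Constructed sample configuration (password hashes are placeholders).
SAMPLE = """\
role name san-administrator
username USER1 password 5 XXXXXXXXXXX  role network-admin
username USER2 password 5 XXXXXXXXXXX role san-administrator
username USER3 password 5 XXXXXXXXXXX role network-admin
username USER4 password 5 XXXXXXXXXXX role san-adminstrator
username USER5 password 5 XXXXXXXXXXX role network-operator
"""
ROSTER = {"USER1": "lan", "USER2": "san", "USER3": "san", "USER4": "san"}
ALLOWED = {"lan": {"network-admin"}, "san": {"san-administrator"}}

if __name__ == "__main__":
    for finding in audit(SAMPLE, ROSTER, ALLOWED):
        print(*finding, sep=": ")
```

On the sample, it flags a SAN-team account holding network-admin, a misspelled role name with no definition, and an account missing from the roster.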