We are migrating from AiroS controllers to 9800 platform.
In AirOS we used to give two types of access to Admin users using role supplied from ISE.
Now we want similar thing in 9800, which is IOS XE. In our environment we have a lot of OS XE devices and we have configured with command authorization in AAA configuration to customize admin access. Now if we replicate the same thing in 9800 configuration CLI is working fine. But in case of GUI access it is throwing a bunch of requests( sometime 20 show commands ) for command authorization to AAA, the moment we try to open or browse any page using HTTPS access. Page is loading very slow due to that.
Just wondering if anyone set this up already as this seems a very common requirement of customized admin access and command authorization from AAA basis user roles.
Here is the configuration for command authorization.
aaa authorization config-commands
aaa authorization commands 1 default group ISE local
aaa authorization commands 15 default group ISE local
Thanks in advance.