ACS TACACS Custom Attributes

Unanswered Question
May 28th, 2010

I have users that require multiple custom attributes under the TACACS configuration.  Below are the two that are required, one is for Cisco UCS and the other is for MDS.  My question is what is the format to get both of them to work for the same user?  Individually they work fine, but when both are configured for the same user, the UCS "admin" privilege seems to work, but I'm only able to get "read" for the MDS.  I've had this working before, and can't figure out what the trick was the first time around.  Thanks.


shell:roles="network-admin vsan-admin"

Jatin Katyal Sat, 05/29/2010 - 08:01
User Badges: Cisco Employee

You can also configure optional custom attributes to avoid conflicts with non-MDS Cisco switches using the same AAA servers.

cisco-av-pair*shell:roles*"network-admin vsan-admin"

Configuring TACACS+: on Cisco MDS 9000

If you have this Cisco-av-pair:

cisco-av-pair*shell:roles*"admin" -->  Then it means it's optional, this would be the preferred method.

You can get a list of roles on UCS:



Do rate helpful posts

Tue, 08/24/2010 - 06:44

Hi there,

We are looking at setting up UCS on TACACS.

The one question I can't find in the documentation is what happens when the TACACS server fails?

One would assume that it would fall back to Local but I can't seem to find this information.

Regards - TN.
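
The mandatory (`=`) versus optional (`*`) attribute syntax from the earlier reply, as an added example that is not part of the original thread or any Cisco code: it parses an AV pair and models the TACACS+ rule (RFC 8907) that a client must fail authorization on a mandatory attribute it does not understand, while it may ignore an optional one. The function names and the set of attributes each device "understands" are constructed assumptions, not vendor data.

```python
# Added illustration; the "understood" attribute sets are constructed assumptions.
def parse_av_pair(pair):
    """Split a TACACS+ AV pair at its first separator: '=' mandatory, '*' optional."""
    for i, ch in enumerate(pair):
        if ch in "=*":
            value = pair[i + 1:].strip()
            # Normalise pasted typographic quotes, then drop the surrounding quotes.
            value = value.replace("\u201c", '"').replace("\u201d", '"').strip('"')
            return pair[:i], ch == "=", value
    raise ValueError(f"no '=' or '*' separator in {pair!r}")


def authorize(av_pairs, understood):
    """Model the client-side rule: an unknown mandatory attribute fails
    authorization; an unknown optional attribute is ignored."""
    applied = {}
    for pair in av_pairs:
        name, mandatory, value = parse_av_pair(pair)
        if name in understood:
            applied[name] = value
        elif mandatory:
            return False, {}
    return True, applied


# Constructed sample profiles built from the attribute quoted in the thread.
MANDATORY_PROFILE = ['shell:roles="network-admin vsan-admin"', "priv-lvl=15"]
OPTIONAL_PROFILE = ['shell:roles*"network-admin vsan-admin"', "priv-lvl=15"]

if __name__ == "__main__":
    # Hypothetical device that only understands priv-lvl (no role support).
    other_switch = {"priv-lvl"}
    # Hypothetical device that understands both attributes.
    role_aware = {"priv-lvl", "shell:roles"}
    for label, profile in (("mandatory", MANDATORY_PROFILE), ("optional", OPTIONAL_PROFILE)):
        print(label, "-> other switch:", authorize(profile, other_switch))
        print(label, "-> role-aware device:", authorize(profile, role_aware))
```
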

