Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS TACACS Custom Attributes

I have users that require multiple custom attributes under the TACACS configuration.  Below are the two that are required, one is for Cisco UCS and the other is for MDS.  My question is what is the format to get both of them to work for the same user?  Individually they work fine, but when both are configured for the same user, the UCS "admin" privilage seems to work, but I'm only able to get "read" for the MDS.  I've had this working before, and can't figure out what the trick was the first time around.  Thanks.


shell:roles=“network-admin vsan-admin”

Cisco Employee

Re: ACS TACACS Custom Attributes

You can also configure optional custom attributes to avoid conflicts with non-MDS Cisco switches using the same AAA servers.

cisco-av-pair*shell:roles*"network-admin vsan-admin"

Configuring TACACS+: on cisco MDS 9000

If you have this Cisco-av-pair:

cisco-av-pair*shell:roles*"admin" -->  Then it means it's optional, this would be the preferred method.

You can get a list of roles on UCS:



Do rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: ACS TACACS Custom Attributes

Hi there,

We are looking at seting up UCS on TACACS.

The one question I can't find in the documentation is what happens when TACACS server fail?

One would assume that it would fall back to Local but I can't seem to find this information.

Regards - TN.