Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1523
Views
0
Helpful
2
Replies

ISE RADIUS authorization NX-OS

rodrigohcsilva
Level 1
Level 1

‎10-17-2014 02:39 PM - edited ‎03-10-2019 10:07 PM

Anybody could confirm if RADIUS authorization is not supported on NX-OS?

If it's not supported, how should it be configured with ISE once ISE doesn't support TACACS? 

NX-OS(config)# aaa authorization config-commands default group radius local
Radius group is not supported for command authorization
could not update aaa configuration

 

 

Labels:
0 Helpful
2 Replies 2

jan.nielsen
Level 7
Level 7

‎10-17-2014 03:54 PM

You could use roles in NX OS instead to define what commands users can issue, and assign them using ISE via radius.

0 Helpful

nspasov
Cisco Employee
Cisco Employee

‎10-19-2014 12:10 AM

Jan is correct, you can't configure NX-OS based device the same way you would IOS based one when it comes to AAA. NX-OS devices do not "understand" privilege level. Instead, they use RBAC (Role Based Access Control). As a result, you have to return a shell role from your Radius server:

shell:roles=user_role

 

For more info take a look at the latest "NX-OS Security Configuration Guide" or this link:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6-x/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6-x_chapter_0110.html...

Hope this helps!

 

Thank you for rating helpful posts! 

0 Helpful
Customers Also Viewed These Support Documents