Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISE RADIUS authorization NX-OS

Anybody could confirm if RADIUS authorization is not supported on NX-OS?

If it's not supported, how should it be configured with ISE once ISE doesn't support TACACS? 

NX-OS(config)# aaa authorization config-commands default group radius local
Radius group is not supported for command authorization
could not update aaa configuration

 

 

2 REPLIES

You could use roles in NX OS

You could use roles in NX OS instead to define what commands users can issue, and assign them using ISE via radius.

Cisco Employee

Jan is correct, you can't

Jan is correct, you can't configure NX-OS based device the same way you would IOS based one when it comes to AAA. NX-OS devices do not "understand" privilege level. Instead, they use RBAC (Role Based Access Control). As a result, you have to return a shell role from your Radius server:

shell:roles=user_role

 

For more info take a look at the latest "NX-OS Security Configuration Guide" or this link:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6-x/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6-x_chapter_0110.html...

Hope this helps!

 

Thank you for rating helpful posts! 

308
Views
0
Helpful
2
Replies
CreatePlease to create content