Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Making ACS 5.3 work correctly with NCS

Hi All

I am trying to get the ACS 5.3 to work with NCS but cannot make it work correctly.

I have looked at this link -

http://www.cisco.com/en/US/products/ps6305/products_tech_note09186a0080b904a4.shtml

But this does not show how the ACS referencing AD groups would work when determining

which   custom attributes to use.

On the ACS 5.3 i have set up the following -

The ad is working and in        Users and identity stores/External identity stores/Active Directory then my AD test works fine.

I have set up the  Users and Identity stores/Identity Groups with appropriate ip s.

I have configured the Network Device Groups/Network Devices and AAA Clients with the ip address and Authenication optionsA

In Policy Elements/Authorisation and Permissions/device administration/shell profiles

I have creeated a shell  profile called network shell pro

which das a common tasks of def priv = 0 and max priv = 15

Custom attributes of the following -

role0     Mandatory         Admin

task7    Mandatory         Administration Menu Access

task69   Mandatory        Home menu access

virtual-domain1   Mandatory  CRUK

task80    Mandatory      License Check

virtual-domain0    Mandatory   ROOT-DOMAIN

IN Access Policies/Access services/Default Device Admin

i have identity and Authorisation ticked -

identity = AD1

Authorisation =

name      AD1:External groups          Compound Condition   NDG:Device Type                          NDG:Location time/date identity group shell profile

Rule-1      ANY                                AD Group                   In all device types:Cisco Prime     Any                   any        any               network shell pro

Now i can get into the NCS but i do not see any of the administration buttons on NCS - so

this means the custom attributes are not working.

Any ideas on why this is not working - i shouldnt need a user for this on the ACS as its using AD !!!

Thanks in Advance

Steve

  • AAA Identity and NAC
Everyone's tags (5)
3 REPLIES
New Member

Re: Making ACS 5.3 work correctly with NCS

Hello

Please find the attached. I added all in the the screen shots to make it work.

Thanks

New Member

Re: Making ACS 5.3 work correctly with NCS

Hi usnetworkguy. Can you make that rft a .txt document ?  Having same issue.

New Member

Making ACS 5.3 work correctly with NCS

role0=Admin
task0=Users and Groups
task1=Audit Trails
task2=TACACS+ Servers
task3=RADIUS Servers
task4=Logging
task5=License Center
task6=Scheduled Tasks and Data Collection
task7=User Preferences
task8=System Settings
task9=View Alerts and Events
task10=Email Notification
task11=Delete and Clear Alerts
task12=Pick and Unpick Alerts
task13=Configure Controllers
task14=Configure Templates
task15=Configure Config Groups
task16=Configure Access Points
task17=Configure Choke Points
task18=Monitor Controllers
task19=Monitor Access Points
task20=Monitor Clients
task21=Monitor Tags
task22=Monitor Security
task23=Monitor Chokepoints
task24=Mesh Reports
task25=Client Reports
task26=Performance Reports
task27=Security Reports
task28=Location Server Management
task29=View Location Notifications
task30=Maps Read Only
task31=Maps Read Write
task32=Client Location
task33=Rogue Location
task34=Planning Mode
task35=Ack and Unack Alerts
task36=Migration Templates
task37=Configure Spectrum Experts
task38=Monitor Spectrum Experts
task39=Virtual Domain Management
task40=Scheduled Configuration Tasks
task41=Configure ACS View Servers
task42=Auto Provisioning
task43=RRM Dashboard
task44=Voice Audit Report
task45=Config Audit Dashboard
task46=High Availability Configuration
task47=Health Monitor Details
task48=Configure WIPS Profiles
task49=Global SSID Groups
task50=WIPS Service
task51=Configure Lightweight Access Point   Templates
task52=Configure Autonomous Access Point   Templates
task53=Guest Reports
task54=Configure Ethernet Switch Ports
task55=Configure Ethernet Switches
task56=Device Reports
task57=Network Summary Reports
task58=Compliance Reports
task59=Report Launch Pad
task60=Run Reports List
task61=Saved Reports List
task62=Report Run History
task63=Monitor Interferers
task64=CleanAir Reports
task65=Automated Feedback
task66=TAC Case Attachment Tool
1215
Views
0
Helpful
3
Replies