I'm having an issue with TACACS+ AAA setup with a Nexus 7000 running 4.2(2a) and ACS 4.2. I've added the av-pair string of shell:roles="network-operator vdc-admin" into the TACACS+ settings under the group custom attributes. When I log in, the login hangs waiting for the custom attribute pair to respond back to the switch, which it doesn't seem to do, and it then dumps me into the vdc-operator role and not the vdc-admin role.
I saw your post and figured I would give you a shout. I have a client with a 7K installed. We are running ACS 4.2 and all network equipment is functioning with the exception of the 7K.
We keep getting:
TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
Do you have a sample of your config for your 7K? Did you have to do anything special in ACS for it to talk to the 7K? Been beating my head on this for a few weeks and the Cisco Config guides don't solve my issue. Follow them to a tee and still does not work.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...