I'm having to use the free TACACS+ in an environment to configure authentication for all the network devices. I have all the routers and switches working just fine, but am having issue with getting the ACE to use TACACS. I've configured ACE to authenticate to an ACS server by adding the additional shell custom attributes (shell:Admin*Admin default-domain) and this worked fine. I found in some documentation on TACACS+ that described how to add this similar attribute to the tac_plus.conf file, but it doesn't seem to want to work. My aaa config from the ACE as well as the tac_plus.conf file content below. I know the AAA is working with this TACACS server as the accounting functions properly.
tacacs-server host 10.1.0.202 key 7 <removed> aaa group server tacacs+ TAC_AUTH server 10.1.0.202
aaa authentication login default group TAC_AUTH local
aaa authentication login console group TAC_AUTH local aaa accounting default group TAC_AUTH local
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...