I am able to authenticate to my ACE modules via Radius, but when I login it does not give my Admin rights. Does anyone have a fix for this? My ACS admin has been working with TAC since last week to no avail.
You have to use a custom AV pair on TACACS server under user setup to make it work. ACE uses RBAC (role based Access Control) and for that you have to pass the context and User Role from Tacacs server to ACE to make it work.If there is no RBAC info is pushed from Tacacs server and user just get authenticated then the default role assigned by ACE is Network-Monitor.
Following steps (On tacacs server) will make it work
1. Select your user
2. goto tacas+ settings
3. Select " shell (exec)" checkbox
4. Select "custom attributes" checkbox
5. Type your context and role information in custom attrib box, using following format
for e.g (if context name is Admin, domain is default-domain and you want to assign role "Admin" to this user )
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...