Take a look at the document I attached, it is a brief walkthrough on setting up TACACS+ (Cisco IOS) with ACE using either individual or groups. You should not use, nor need the new service/optional configuration for this to work with ACE.
I have allready tried as you asked and do manage to log inn with the correct role using the Custom Attriute directly on the user. The problems I am facing are generally two:
I have experiences that setting a shell-command directly on a user, and not through a "New Service", can cause problems when logging in on other Cisco-devices using the same ACS-server and user (eg. the non-ACE will freeze/crash/etc.). An (optional)-tag or using "New Service" has solved this problem earlier. Will the * guarantee for this not to happen as it is said to make the command optional? The organization I am implementing this for has a wide range of Cisco-products. Testing each type at every SW-upgrade for this bug will be a enormous task.
I can not make this work when applying the same shell-command to a User Group (I only get logged in as Network-Monitor). Have you gotten it to work using groups? In that case, which version of ACS and ACE are you using? The organization I am implementing this for is a large one. Managing each users one by one is not an option.
Using "*" in the custom attribute means that the device recieving those details should ignore it if it does not understand the input. "=" forces the device to parse the input wether it understands it or not. We only support specific products, so I can say for our other Content devices, "*" works just fine. It "should" work with other Cisco devices assuming you don't hit bugs on those devices.
For the group, I have had it work in the past, but I will check again in my lab and get back to you with the settings/version information!
The unmanaged mode is also known as Network only switching, which is introduced in Brazos release. It adds the flexibility for customer to use only network automation for service appliance.
If a device is configured a...
Usually, we can access ESXi Shell by pressing Alt+F1 from ESXi DCUI (Direct Console User Interface).
But on HyperFlex system, it just shows black window.
This is expected behavior because HyperFlex redirects ESXi Shell output to SoL...
Configuring an Export Policy Using the GUI
This procedure explains how to configure an Export policy using the APIC GUI. Follow these steps to trigger a backup of your data:
On the menu bar, choose Admi...