CSCtr43448 - service selection doesnand39;t work all the time when using tacacs username
FYI this bug is not fixed as of 5.4. ACS handles incoming user-based rules for service selection for telnet. If you use SSH (which everyone should if available), ACS cannot reliably determine the username due to it not always being included in the 1st packet. ACS would just have to wait for the 2nd packet to get the full username for this to work.
Instead of fixing this product defect, Cisco decided to make it a documentation change.
The workaround is to place a duplicate of your user-based rules under each Device Administration Authorization Policy -- very inconvenient if you have many rules like we do.
I think ACS should handle telnet and SSH sessions identically.
There are few interoperability issues between 2960x and other vendors.
In this article we will go over the steps on how to debug these issues.
Check the phy id from “show controllers ethernet-controller phy” output.
It appears that you are trying to access end of life information from
Cisco search. We have detected a problem with your script ("eol...) and
would like to help. Please contact email@example.com if you would
Cisco Licensing is pleased to announce the new Licensing Portal. It
provides customers with an enhanced self-service experience by
stream-lining and automating many licensing activities. Please take a
moment to familiarize yourself with the features that ...