Cisco Prime Infrastructure 1.3 - Creating custom TACACS+ Attribu
If you create a separate service rule, you can have it fork TACACS authentication requests from that specific IP to a different Service identity and authorization process, where you can tell it to select a specific shell profile. Then all you have to do is create a separate shell profile for managing Prime and have that one selected. We do this with our UCS devices, regular router/switch CLI logins, etc.
So for example:
UCS: TACACS request --> if match service selection rule "from UCS devices", go to UCS admin access policy --> if match UCS admin identity requirements, give UCS admin shell profile
PI: TACACS request --> if match service selection rule "from PI devices", go to PI admin access policy --> if match PI admin identity requirements (which are same as UCS), give PI admin shell profile
Default: TACACS request --> if match tacacs protocol from our IP range, go to default device admin policy --> if match default identity requirements, give default admin shell profile
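
The selection flow described in the answer above, modelled as an added Python example (not ACS configuration and not the poster's code). The IP ranges, group names and first-match rule ordering are assumptions; the model also flags a specific rule that sits behind a broader one and so never gets selected.

```python
import ipaddress

# Constructed sample data: networks and group names are assumptions.
# Ordered list; the first matching rule wins (assumed first-match evaluation).
SERVICE_SELECTION = [
    ("from UCS devices", "10.10.1.0/24", "UCS admin access policy"),
    ("from PI devices", "10.10.2.10/32", "PI admin access policy"),
    ("default", "10.10.0.0/16", "default device admin policy"),
]

# Access policy -> (required identity group, shell profile returned on match).
ACCESS_POLICIES = {
    "UCS admin access policy": ("net-admins", "UCS admin shell profile"),
    "PI admin access policy": ("net-admins", "PI admin shell profile"),
    "default device admin policy": ("device-admins", "default admin shell profile"),
}


def select_service(src_ip, rules=SERVICE_SELECTION):
    """Return the access policy chosen for a request from src_ip, or None."""
    addr = ipaddress.ip_address(src_ip)
    for _name, net, policy in rules:
        if addr in ipaddress.ip_network(net):
            return policy
    return None  # no rule matched: the request is not serviced


def authorize(src_ip, user_groups, rules=SERVICE_SELECTION):
    """Return the shell profile for this source and user, or None (deny)."""
    policy = select_service(src_ip, rules)
    if policy is None:
        return None
    required_group, profile = ACCESS_POLICIES[policy]
    return profile if required_group in user_groups else None


def shadowed_rules(rules=SERVICE_SELECTION):
    """Names of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, (name, net, _policy) in enumerate(rules):
        this_net = ipaddress.ip_network(net)
        earlier = (ipaddress.ip_network(prev) for _n, prev, _p in rules[:i])
        if any(this_net.subnet_of(e) for e in earlier):
            shadowed.append(name)
    return shadowed


if __name__ == "__main__":
    print(authorize("10.10.2.10", {"net-admins"}))
    print(shadowed_rules())
```
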