Cisco Support Community
Community Member

Cisco Prime 2.0 user log in problems

I have a Cisco Prime Infrastructure 2.0 install that I am having problems with. I have completed the setup and have the devices in the program that I currently want to manage. My problem is with logging in by means of TACACS+. I followed the instructions about copying the tasks from the root user into TACACS+, but when I log in with a user in the correct group, my login doesn't get all of the options that I would get if I logged in with the root account.

I updated my TACACS to 4.2, I can't go any higher with my current hardware, because I thought the 4.1 version might be causing the error. The update didn't help at all.

I would appreciate any help you can give.

Everyone's tags (2)

Cisco Prime 2.0 user log in problems


What particular tasks can you not perform? As per ACS 4.2, iIn my case I 've noticed that I can't delete Discovery jobs unless logged in as Root. Apart from that I can perform all Root tasks.

Could you go to Administration > Users, Roles & AAA > Active Sessions and check what User Group you were assigned to when you log in.

Community Member

Cisco Prime 2.0 user log in problems

Under Design>Configuration> I am missing Plug and Play Profiles.

Under Deploy: I am missing Plug and Play Profiles and Software Deployment.

Under Operate>Device WorkCenter: I am missing Software Image Management, Image Dashboard, and Plug and Play Status.

Under Operate>Mobility Work Center is missing.

Under Administration, I am missing Jobs Dashboard and Jobs Approval.

I am missing the entire Workflows section.

I am assigned to the Root user group when I log in with my TACACS+ account.

Hall of Fame Super Silver

Cisco Prime 2.0 user log in problems

Did you also add the task:




*****Help out other by using the rating system and marking answered questions as "Answered"*****

*** Please rate helpful posts ***
Community Member

Cisco Prime 2.0 user log in problems

I didn't have it added because it wasn't listed in the Task List for root. I added the command in to tacacs and tried to log in again and it didn''t make any difference.


Cisco Prime 2.0 user log in problems

Hi William,

You have to add virtual-domain0=ROOT-DOMAIN. That is why I asked you to confirm which User Group you were assigned to when you logged in.

Community Member

Cisco Prime 2.0 user log in problems

The documentation says to open the user group you want to be in a copy the task list for that group to TACACS. I did that. The task list doesn't include the virtual-domain command. I went and added the command when Scott above said to add it. It didn't make a difference. I only have one virtual domain.

It doesn't matter whether I log in with the root account or my Tacacs account. When I check the the active session, it shows I am logged in with the user group "Root".

Hall of Fame Super Silver

Re: Cisco Prime 2.0 user log in problems

The task are case sensitive, you should have like 100+ I believe. Is that what you have entered?

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***
Community Member

Re: Cisco Prime 2.0 user log in problems

I have 175 tasks, 0-174, plus the domain line. I did a copy a pastee to move the tasks from Prime to Tacacs.

Here are the tasks I have assigned:



task0=View Alerts and Events

task1=Run Job

task2=Device Reports

task3=Alarm Stat Panel Access

task4=WAN Optimization Multisegment Access

task5=RADIUS Servers

task6=Raw NetFlow Reports

task7=Network Summary Reports

task8=Edit Audit Logs Purge Settings Access

task9=Discovery View Privilege

task10=Configure ACS View Servers

task11=Run Reports List

task12=View Audit Logs Purge Settings Access

task13=View CAS Notifications Only

task14=Administration Menu Access

task15=Monitor Clients

task16=Configure Guest Users

task17=Monitor Media Streams

task18=Configure Lightweight Access Point Templates

task19=Monitor Chokepoints

task20=Maps Read Write

task21=Configure Access Points

task22=Virtual Domains List


task24=Users and Groups

task25=View Group Members

task26=Edit Device Access

task27=Saved Reports List

task28=Migration Templates

task29=Monitor Spectrum Experts

task30=Configure Autonomous Access Point Templates

task31=Audit Trails

task32=Swim Collection

task33=Client Location

task34=Delete Device Access

task35=Device WorkCenter

task36=TrustSec Readiness Assessment

task37=PnP Profile Deploy Read-Write Access

task38=Monitor Access Points

task39=Data Collection Management Access

task40=CleanAir Reports

task41=Configure Ethernet Switches

task42=Configure Ethernet Switch Ports

task43=TACACS+ Servers

task44=Edit Job

task45=Mobility Service Management

task46=Autonomous AP Reports

task47=Swim Upgrade Analysis

task48=Delete Groups

task49=Performance Reports

task50=Configure Controllers

task51=Help Menu Access

task52=Packet Capture Access


task54=MSAP Reports

task55=Scheduled Tasks and Data Collection

task56=Monitor Tags

task57=Details Dashboard Access

task58=Search Access

task59=Scheduled Configuration Tasks

task60=View Groups

task61=Configure WIPS Profiles

task62=Delete Job

task63=Client Reports


task65=Services Menu Access

task66=Configure Templates

task67=System Jobs Tab Access

task68=System Settings

task69=Report Launch Pad

task70=Remove Clients

task71=Performance Dashboard Access

task72=Alarm Browser Access

task73=Configure Config Groups

task74=Application and Services Access

task75=Export Device Access

task76=Mesh Reports

task77=Swim Info Update

task78=High Availability Configuration

task79=License Center

task80=View Audit Logs Access

task81=Lobby Ambassador Defaults Configuration

task82=Design Monitoring Template Access

task83=Add Group Members

task84=Monitor Controllers

task85=Deploy Configuring Access

task86=View Job

task87=Monitor Security

task88=Track Clients

task89=Monitor Menu Access

task90=Export Audit Logs Access

task91=Design Configuration Template Access

task92=Schedule Job

task93=SSO Servers

task94=Monitor Interferers

task95=Configure Switch Location Configuration Templates

task96=Configure WiFi TDOA Receivers

task97=Add Groups

task98=Cancel Job

task99=Swim Distribution

task100=PnP Preferences Read-Write Access

task101=Discovery CRUD Privilege

task102=WAN Optimization Dashboard Access


task104=Voice Audit Report

task105=Admin Dashboard Access

task106=PnP Deploy History Read-Write Access

task107=Global SSID Groups

task108=Modify Groups

task109=Report Run History

task110=Maps Read Only

task111=Compliance Reports

task112=Disable Clients

task113=Custom NetFlow Reports

task114=WIPS Service

task115=Security Reports

task116=Application Server Management Access

task117=Configure Spectrum Experts


task119=View Security Index Issues

task120=Swim Access Privilege

task121=Configure Mobility Devices

task122=Device Bulk Import Access

task123=Home Menu Access

task124=Health Monitor Details

task125=Monitor WiFi TDOA Receivers

task126=Add Device Access

task127=Approve Job

task128=View Alert Condition

task129=User Preferences

task130=Guest Reports

task131=Config Archive Read-Write Task


task133=Device View configuration Access

task134=Swim Preference Save

task135=Automated Feedback

task136=Delete and Clear Alerts

task137=Identity Search Engine

task138=Configure Third Party Controllers and Access Point

task139=Email Notification

task140=License Check

task141=SSO Server AAA Mode

task142=Rogue Location

task143=Swim Recommondation

task144=Identify Unknown Users

task145=Delete Group Members

task146=Reports Menu Access

task147=PnP Profile Read-Write Access

task148=Configure ISE Servers

task149=Tools Menu Access

task150=Config Audit Dashboard

task151=Incidents Alarms Events Access

task152=Virtual Domain Management

task153=Monitor Ethernet Switches

task154=TAC Case Management Tool

task155=Pause Job

task156=Discovery Schedule Privilege

task157=Monitor Mobility Devices

task158=Context Aware Reports

task159=Voice Diagnostics

task160=Configure Choke Points

task161=MSE Analytics

task162=RRM Dashboard

task163=Swim Delete

task164=Theme Changer Access

task165=Import Policy Update

task166=Design Endpoint Site Association Access

task167=Diagnostic Information

task168=Planning Mode

task169=Pick and Unpick Alerts

task170=Configure Menu Access

task171=Ack and Unack Security Index Issues

task172=Deploy Monitoring Template Access

task173=Ack and Unack Alerts

task174=Auto Provisioning

Hall of Fame Super Silver

Re: Cisco Prime 2.0 user log in problems

This is going to sound stupid, but the virtual-domain should be entered first:



task0=View Alerts and Events

task1=Run Job



*****Help out other by using the rating system and marking answered questions as "Answered"*****

*** Please rate helpful posts ***

Re:Cisco Prime 2.0 user log in problems

It seems you have done everything right. I hope when u created the new service "NCS" in the ACS, you selected either user or group. If you have both and there is a disparity in the tasks copied, that may affect you.
Alternatively, check to make sure the prime is on the latest patch, which I think is version 5. Also try a different browser.

Sent from Cisco Technical Support Android App

Community Member

Re: Cisco Prime 2.0 user log in problems

I found the answer. The Cisco Prime Infrastructure 2.0 Administrator Guide of September 2013 has bad information. On page 132, step 9, it says to add an entry for a New Services portion. It says to call the service Prime Infrasturcture. This is incorrect.

I made this change and removed another entry called NCS that was used by another program and I started getting errors from the Tacacs server. The error reads: 2/10/2014 1:32 PM :   Feb 10 19:32:48 10.X.X.X CisACS_02_FailedAuth qojz9ujn 1 0 Message-Type=Author failed,User-Name=william.coats,NAS-IP-Address=10.X.X.X,Author-Failure-Code=Service denied,Caller-ID=10.X.X.X,NAS-Port=NCS HTTP,Author-Data=protocol=HTTP service=NCS,Group-Name=All Access,Description=Network Administrator,

I went back into Tacacs and removed the Prime entry and added an entry for NCS. I copied all of the tasks I had used on Prime into the new entry. I added NCS into the group settings and then I was able to log into Prime with all of the same choses I have when I use the root account to log on.

All it took was creating an error that Tacacs would report so I could figure out what was going on.

I need someone to reply to this message with my instructions so I can mark a correct answer. This program doesn't allow you to mark your own replies as correct.

Thanks to all for your help.


Re:Cisco Prime 2.0 user log in problems

Glad u got there in the end. It's a pity that you missed my earlier comment where I mentioned that I hoped you created the new service called "NCS".

Sent from Cisco Technical Support Android App

Community Member

Re:Cisco Prime 2.0 user log in problems

The real shame in this whole thing is it is Cisco's fault for putting out a bad manual. I downloaded the Admin Guide in October 2013 and it is dated September 2013 and the manual says to name the service "Prime Infrastructure". When I look for the Admin Guide online, it is dated November 2013 and it says to name it "NCS". If the manual I had downloaded had been correct, I wouldn't have had this problem to begin with. I made sure I downloaded the manual from the Cisco website too, hoping to avoid something like this and it still bit me in my backside.

CreatePlease to create content