Hello
We have issue with MDS role when we use custom roles.
Example of problem: The question mark is working on "Predefined group" example network-admin. But not on custom role in MDS NX-OS 5.2.
As a reference everything works prefect on Nexus 5k nx-os 5.1. with the same user and aaa (ACS/tacacs) server.
!
MDS9513-7# show role name san-1
Role: san-1
Description: Admin Role
Vsan policy: permit (default)
-------------------------------------------------
Rule Type Command-type Feature
-------------------------------------------------
1 permit clear *
2 permit config *
3 permit debug *
4 permit exec *
5 permit show *
MDS9513-7# show role name network-admin
Role: network-admin
Description: Predefined Network Admin group. This role cannot be modified.
Vsan policy: permit (default)
-------------------------------------------------
Rule Type Command-type Feature
-------------------------------------------------
1 permit clear *
2 permit config *
3 permit debug *
4 permit exec *
5 permit show *
Invalid role name 'network-admin'
------ The user output ------
MDS9513-7# sh user-a
user:xx123
roles:san-1
account created through REMOTE authentication
MDS9513-7# ?
configure Enter configuration mode
end Go to exec mode
exit Exit from command interpreter
MDS9513-7# sh ver | inc 5.2
kickstart: version 5.2(6a)
system: version 5.2(6a)
----------------------------------
Cisco please release "The complete guide to MDS/NX-OS RBAC/Role". ;-)
We manage to find some DCNM "hidden" role to perform some task when use custom role.
Regards
Christer