Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MDS custom role

Hello

We have issue with MDS role when we use custom roles.

Example of problem: The question mark is working on "Predefined group" example network-admin. But not on custom role in MDS NX-OS 5.2.

As a reference everything works prefect on Nexus 5k nx-os 5.1. with the same user and aaa (ACS/tacacs) server.

!

MDS9513-7# show role name san-1

Role: san-1

  Description: Admin Role

  Vsan policy: permit (default)

  -------------------------------------------------

  Rule    Type    Command-type    Feature        

  -------------------------------------------------

  1       permit  clear           *              

  2       permit  config          *              

  3       permit  debug           *              

  4       permit  exec            *              

  5       permit  show            *              

MDS9513-7# show role name network-admin

Role: network-admin

  Description: Predefined Network Admin group. This role cannot be modified.

  Vsan policy: permit (default)

  -------------------------------------------------

  Rule    Type    Command-type    Feature        

  -------------------------------------------------

  1       permit  clear           *              

  2       permit  config          *              

  3       permit  debug           *              

  4       permit  exec            *              

  5       permit  show            *              

Invalid role name 'network-admin'

------ The user output  ------

MDS9513-7# sh user-a

user:xx123

        roles:san-1

account created through REMOTE authentication

MDS9513-7# ?

  configure  Enter configuration mode

  end        Go to exec mode

  exit       Exit from command interpreter

MDS9513-7# sh ver | inc 5.2

  kickstart: version 5.2(6a)

  system:    version 5.2(6a)

----------------------------------

Cisco please release "The complete guide to MDS/NX-OS RBAC/Role".   ;-)

We manage to find some DCNM "hidden" role to perform some task when use custom role.

Regards

Christer

1 REPLY
Cisco Employee

MDS custom role

Hi Christer,

CSCub93429 is fixed in NX-OS 5.2(8b) and above.

CSCub93429

Symptom: On Cisco MDS 9000 Family switches, CLI help (?) does not list all the available commands, keywords, and arguments for a user. Also, the tab key command completion does not work.

Condition: This issue occurs only for users with role-based access control (RBAC)-based privileges that access the switch through the CLI.

Regards,

David

342
Views
0
Helpful
1
Replies
CreatePlease to create content