MDS9500 - TACACS

rm2017
Level 1

I am having issues authenticating with network-admin privileges via TACACS on the MDS. I defined the custom AV attribute in the TACACS settings on ACS as follows:

cisco-av-pair=shell:roles="network-admin"

For some reason it doesn't seem like the AV pair is passing to the MDS and I always am given network-operator privileges.

Any ideas on what I could check?

3 Replies

tblancha
Cisco Employee

Try this AV Pair instead:

cisco-av-pair*shell:roles="network-admin"

Still no luck. I do see the following entry in the messages:

Trap (DE)Register at /1.1.1.1 failed. Permission denied or feature disabled.

Could that have anything to do with the MDS not accepting the AV pair?

Yes, sounds like you need a little more involvement than this forum offers. So, if you do not have a key between the MDS and the TACACS server, go ahead and get a sniffer trace showing a login. Get a debug aaa all at the same time. Depending on who your support is with (an OSM or Cisco), go ahead and open a support case.
