rbac role "ops"
rbac role "nw-svc-admin"
rbac role "nw-svc-params"
rbac role "admin"
exitWe have a working Cisco Prime Infrastructure environment leveraging RADIUS login and they reference NCS Roles, which includes:
Hi Michael,I don't have much experience with Cisco ACI, however what i would suggest is to Import Radius Dictionary of the ACI in the Radius Dictionary on Clearpass, under Administration > Dictionaries > RADIUS.From what i saw on ISE with ACI Integration, TACACS External Logging is configured through REST API, where you create a destination group:
Maybe this link can be helpfull: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide.pdf and http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_Configuring_TACACS_RADIUS_LDAP_for_ACI_Access.html#task_D0D8572AB60745F1BFEFE0A2800A1749Also, when configuring with ISE usually the assigned role has a shell command of:
shell:domains = all/admin/ or shell:domains = all/read-all/Hope this might have been helpfull.
Im still having a little trouble getting this working. Can you please add a screen shot of your settings.
This is what I have and cant get it to work.
Try shell:domains = all/read-all/
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.