Cisco N5K-M1600 - Expansion Module - 6 Ports Troubleshooting Manual page 130

Chapter 6  Troubleshooting Security Issues
Roles
Send document comments to nexus5k-docfeedback@cisco.com.

(Continued from the previous page; the procedure's Step 1 is not on this page.)

Add the following string into the textbox:
cisco-av-pair=shell:roles="network-admin"

Step 2  Check the RADIUS (for example, ACS) server configuration.
Use the following menu paths to access the settings:
Network Configuration > AAA > AAA Servers > svi,20.1.1.2,CiscoSecure ACS
Network Configuration > AAA > AAA Client > 20.1.1.1 20.1.1.1 RADIUS (Cisco IOS/PIX 6.0) > SharedSecret=test1234, Authenticate Using=RADIUS (Cisco IOS/PIX 6.0)
Interface Configuration > RADIUS (Cisco IOS/PIX 6.0)
Select User for cisco-av-pair.
Use the following menu path to access the settings and add a string to the RADIUS attributes:
User Setup > Add/Edit <username> > Cisco IOS/PIX 6.x RADIUS Attributes
Check the attribute box.
Enter the following string:
shell:roles="network-admin"

Step 3  Check the RADIUS (for example, RADIUSD) server configuration for settings in the user account.
Use the following path to access the user account definition:
.../etc/raddb
Ensure that the user account definition contains:
cisco-avpair= "shell: roles = network-admin"

Step 4  Log in the user again.

Step 5  Check the role assignment with the show user-account command.

Rules for Role's permit/deny action do not work correctly
When a user-defined role is assigned to a user account, the role's rule policy may not seem to take effect. For example, a rule in the role's configuration is set to deny all interface configuration commands, but you can still configure interface commands.

Possible Cause
The order of the rule configurations for the role is incorrect.

Note  The RBAC parser evaluates a role's rules from the highest to the lowest rule number, so a higher-numbered rule takes precedence over a lower-numbered one that matches the same command.

Solution
After identifying the rule that is not working correctly, check whether any rule that is evaluated before it (that is, any rule with a higher rule ID) conflicts with it or overrides it.
For example, if the rule that is not working correctly has a rule ID of 10, check all the rules that have a rule ID greater than 10 to see whether they might conflict with rule 10. Suppose rule 15 is found to be overriding rule 10. To resolve the conflict, either modify rule 15 so that it no longer matches the commands that rule 10 is meant to deny, or change the rule ID of rule 10 to a value greater than 15 so that it is evaluated first.

Cisco Nexus 5000 Series Troubleshooting Guide, OL-25300-01, page 6-2
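The rule-precedence behaviour described in the Note and the Solution above can be checked offline. The following Python script is an added example, not code from the Cisco guide or from NX-OS itself: it parses a constructed role definition written in the NX-OS "role name" / "rule N permit|deny command ..." style, evaluates a command the way the Note describes (highest rule number first, first match wins), lists the higher-numbered rules that override a given rule, and applies the guide's second fix by renumbering the ignored rule above the one that overrides it. The role name "netops", the token-wise matcher with a trailing "*" wildcard, and the deny result when no rule matches are simplifying assumptions of this example; real NX-OS command patterns are richer than this model.

```python
"""Model of NX-OS role-rule precedence (added example, not Cisco code).

Rules are evaluated from the highest to the lowest rule number and the
first match decides, as the troubleshooting guide states. Everything
else here (the matcher, deny when nothing matches, the sample role) is
an assumption made for the example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    action: str    # "permit" or "deny"
    pattern: str   # command pattern; a trailing "*" matches the rest


ROLE_RE = re.compile(r'^\s*role\s+name\s+(\S+)\s*$')
RULE_RE = re.compile(r'^\s*rule\s+(\d+)\s+(permit|deny)\s+command\s+(.+?)\s*$')


def parse_roles(config):
    """Parse 'role name X' blocks into {role_name: [Rule, ...]}.
    Only the 'rule N permit|deny command ...' form is modelled."""
    roles, current = {}, None
    for line in config.splitlines():
        m = ROLE_RE.match(line)
        if m:
            current = m.group(1)
            roles.setdefault(current, [])
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            roles[current].append(Rule(int(m.group(1)), m.group(2), m.group(3)))
    return roles


def matches(pattern, command):
    """Token-wise match; '*' in the pattern matches whatever follows (or nothing)."""
    pat, cmd = pattern.split(), command.split()
    for i, tok in enumerate(pat):
        if tok == "*":
            return True
        if i >= len(cmd) or cmd[i] != tok:
            return False
    return len(cmd) == len(pat)


def evaluate(rules, command):
    """Walk the rules from the highest to the lowest number; first match decides.
    Returns (action, rule_number), or ("deny", None) when no rule matches
    (assumption: a command no rule permits is denied)."""
    for rule in sorted(rules, key=lambda r: r.number, reverse=True):
        if matches(rule.pattern, command):
            return rule.action, rule.number
    return "deny", None


def overriding_rules(rules, rule_number, command):
    """Rule numbers greater than rule_number that also match command: these
    are the rules the guide says to inspect when rule_number seems ignored."""
    return sorted(r.number for r in rules
                  if r.number > rule_number and matches(r.pattern, command))


def renumber(rules, old, new):
    """Return a copy of rules in which rule 'old' carries the number 'new'
    (the guide's second fix: move the ignored rule above the overriding one)."""
    if any(r.number == new for r in rules):
        raise ValueError(f"rule {new} already exists")
    return [Rule(new, r.action, r.pattern) if r.number == old else r for r in rules]


# Constructed role that reproduces the guide's symptom: rule 10 is meant to
# deny interface configuration, but the catch-all permit at rule 15 is
# evaluated first and wins.
BROKEN_ROLE = """\
role name netops
  rule 10 deny command interface *
  rule 15 permit command *
"""

if __name__ == "__main__":
    rules = parse_roles(BROKEN_ROLE)["netops"]
    cmd = "interface ethernet 1/1"
    print(evaluate(rules, cmd))                    # ('permit', 15): rule 15 overrides rule 10
    print(overriding_rules(rules, 10, cmd))        # [15]
    fixed = renumber(rules, 10, 20)
    print(evaluate(fixed, cmd))                    # ('deny', 20)
    print(evaluate(fixed, "show interface brief"))  # ('permit', 15)
```

The guide's first fix, narrowing rule 15 so that it no longer matches interface commands (for example, "rule 15 permit command show *"), can be tried by editing BROKEN_ROLE and re-running evaluate on the same command.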
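Step 3 above checks the radiusd user account definition under .../etc/raddb for the cisco-avpair role attribute. As an added example that is not from the Cisco guide, the following Python script parses a constructed FreeRADIUS-style users file and reports, per account, the NX-OS roles its cisco-avpair reply item would send, so that accounts with a missing or malformed attribute stand out before the user logs in again (Step 4). The users-file sample, the attribute name Cisco-AVPair (matched case-insensitively), the simplified entry and item grammar, and the tolerance for whitespace inside "shell: roles = ..." (modelled on the form the guide shows) are assumptions of this example.

```python
"""Report the NX-OS roles carried by each entry of a radiusd users file.
Added example, not from the Cisco guide; the sample data is constructed."""
import re

# One users-file item: Attribute op value; the value is quoted or bare.
ITEM_RE = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|=)\s*("(?:[^"\\]|\\.)*"|[^,\s]+)')
# Role list inside a cisco-avpair value. Whitespace around ':' and '=' is
# tolerated (assumption, modelled on the 'shell: roles = ...' form in the guide).
ROLES_RE = re.compile(r'^\s*shell\s*:\s*roles\s*=\s*"?([^"]*?)"?\s*$')

# Constructed sample of a users file; not taken from any real server.
SAMPLE_USERS = """\
# /etc/raddb/users (constructed sample)
alice   Cleartext-Password := "example-only"
        Cisco-AVPair = "shell:roles=network-admin"

bob     Cleartext-Password := "example-only"
        cisco-avpair = "shell: roles = network-operator"

carol   Cleartext-Password := "example-only"
        Service-Type = NAS-Prompt-User
"""


def parse_users_file(text):
    """Return {username: [(attribute, op, value), ...]}.
    A line starting in column 1 opens an entry (name plus check items);
    indented lines hold its reply items; comments and blanks are skipped."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            m = re.match(r'(\S+)\s*(.*)', line)
            current, items_text = m.group(1), m.group(2)
            entries.setdefault(current, [])
        else:
            if current is None:
                continue
            items_text = line
        entries[current].extend(ITEM_RE.findall(items_text))
    return entries


def unquote(value):
    """Strip one layer of double quotes and unescape embedded quotes."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1].replace('\\"', '"')
    return value


def nxos_roles(items):
    """Roles named by the entry's cisco-avpair reply item(s), in order."""
    roles = []
    for attr, _op, value in items:
        if attr.lower() != "cisco-avpair":
            continue
        m = ROLES_RE.match(unquote(value))
        if m:
            roles.extend(m.group(1).split())
    return roles


def audit_users_file(text):
    """Map every account to the NX-OS roles its entry would send; an empty
    list means the switch receives no role from this account definition."""
    return {name: nxos_roles(items) for name, items in parse_users_file(text).items()}


if __name__ == "__main__":
    for name, roles in audit_users_file(SAMPLE_USERS).items():
        status = ", ".join(roles) if roles else "NO ROLE ATTRIBUTE"
        print(f"{name:8s} {status}")
```

Run against a real users file, read the file and pass its contents to audit_users_file; an account listed with no role is the one to fix before repeating Step 4 and confirming the result with show user-account in Step 5.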
