Nexus RBAC

When logging into an N5K or an N7K system VDC, the default user role assigned is “network-operator”. When logging into a VDC, the default user role is “vdc-operator”.

To give the account a different role, you need to add a new shell role in your TACACS+ configuration; you can also add multiple roles:

shell:roles="\"network-admin vdc-admin\""
# sh user-account
user:admin
 this user account has no expiry date
 roles:vdc-admin
user:account1
 roles:vdc-operator
 account created through REMOTE authentication
 Credentials such as ssh server key will be cached temporarily only for this user account
 Local login not possible

After modifying your TACACS+ configuration, you need to clear the cached user account.

(config)# no username account1

The cached user disappears:

# sh user-account
user:admin
 this user account has no expiry date
 roles:vdc-admin

Verification, once account1 has logged in again:

# sh user-account
user:admin
 this user account has no expiry date
 roles:vdc-admin
user:account1
 roles:vdc-admin

Now your user has the correct rights.
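
As an added example (not from the original post), this Python sketch parses `sh user-account` output in the format shown above and flags remotely authenticated accounts whose cached roles differ from the roles you intend the TACACS+ server to send. The sample output and the expected-role mapping are constructed, and the function names are hypothetical.

```python
# Constructed sample modelled on the `sh user-account` output shown above.
SAMPLE = """\
user:admin
 this user account has no expiry date
 roles:vdc-admin
user:account1
 roles:vdc-operator
 account created through REMOTE authentication
 Credentials such as ssh server key will be cached temporarily only for this user account
 Local login not possible
"""


def parse_user_accounts(text):
    """Return {user: {"roles": [...], "remote": bool}} from `sh user-account` output."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("user:"):
            current = line[len("user:"):].strip()
            accounts[current] = {"roles": [], "remote": False}
        elif current is None:
            continue  # ignore anything before the first user: line
        elif line.startswith("roles:"):
            # Multiple roles are assumed to be space-separated on one line.
            accounts[current]["roles"] = line[len("roles:"):].split()
        elif "REMOTE authentication" in line:
            accounts[current]["remote"] = True
    return accounts


def stale_remote_accounts(accounts, expected):
    """List cached remote accounts whose roles differ from the intended ones."""
    findings = []
    for user, want in expected.items():
        acct = accounts.get(user)
        if acct and acct["remote"] and set(acct["roles"]) != set(want):
            findings.append((user, acct["roles"], sorted(want)))
    return findings


if __name__ == "__main__":
    expected = {"account1": ["vdc-admin"]}  # assumed intended role mapping
    parsed = parse_user_accounts(SAMPLE)
    for user, have, want in stale_remote_accounts(parsed, expected):
        print(f"{user}: cached roles {have}, expected {want}; "
              f"clear with 'no username {user}' and log in again")
```

An account that still shows “vdc-operator” after the server change is either still cached or is not receiving the `shell:roles` attribute, which is the case this check surfaces.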

This entry was posted in Cisco by zed.