
Cisco 9134 - MDS Multilayer Fabric Switch User Manual

Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 17 Troubleshooting RADIUS and TACACS+
User Cannot Access Certain Features
Symptom: User cannot access certain features.
Troubleshooting RADIUS and TACACS+ With Cisco ACS
To troubleshoot RADIUS and TACACS+ issues with Cisco ACS, follow these steps:
Step 1 Choose Network Configuration using Cisco ACS and view the AAA Clients table to verify that the Cisco SAN-OS switch is configured as an AAA client on Cisco ACS.
Step 2 Choose User Setup > User Data Configuration to verify that the user is configured.
Step 3 View the Cisco IOS/PIX RADIUS Attributes setting for a user. Verify that the user is assigned the correct roles in the AV-pairs. For example, shell:roles="network-admin".
Note The Cisco IOS/PIX RADIUS Attributes field is case-sensitive. Verify that the role listed in the AV-pair exists on the Cisco SAN-OS switch.
Step 4 If the Cisco IOS/PIX RADIUS Attributes field is not present, follow these steps:
a. Choose Interface > RADIUS (Cisco IOS/PIX).
b. Check the User and Group check boxes for the cisco-av-pair option and click Submit.
c. Choose User Setup > User Data Configuration and add the AV-pair to assign the correct role to each user.
Step 5 Choose System Configuration > Logging to activate logs to look for reasons for failed authentication attempts.
Step 6 Choose Reports and Activity to view the resulting logs.
Step 7 On the Cisco SAN-OS switch, use the show radius-server command to verify that the RADIUS server timeout value is set to 5 seconds or greater.
Table 17-4 User Cannot Access Certain Features

Symptom: User cannot access certain features.

Possible Cause: User is assigned incorrect role.
Solution: For RADIUS, configure the vendor-specific attributes on the server for the role using: Cisco-AVPair = shell:roles="rolename1 rolename2". For TACACS+, configure the attribute/value pair on the server for the role using: roles="rolename1 rolename2". Verify that all roles are defined on the switch.

Possible Cause: Role is not configured for appropriate access.
Solution: See Chapter 18, "Troubleshooting Users and Roles."
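
The role check from Step 3 and Table 17-4, written out as an added example that is not part of the Cisco guide: it parses an AV-pair in either form shown above and compares each role, case-sensitively, against the roles defined on the switch. The function name check_avpair and the SWITCH_ROLES set are assumptions made for illustration; in practice the role names would be copied from the switch.

```python
import re

# Forms given on the page:  Cisco-AVPair = shell:roles="r1 r2"  (RADIUS)
#                           roles="r1 r2"                       (TACACS+)
# Matching is case-sensitive and accepts only plain ASCII double quotes.
AVPAIR_RE = re.compile(r'(?:Cisco-AVPair\s*=\s*)?(?:shell:)?roles="([^"]*)"')
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"

def check_avpair(avpair, switch_roles):
    """Return a list of problems; an empty list means the AV-pair passes."""
    text = avpair.strip()
    # Quotes pasted from a document are often curly and break the AV-pair.
    if any(q in text for q in TYPOGRAPHIC_QUOTES):
        return ["typographic quotes present; retype with plain double quotes"]
    m = AVPAIR_RE.fullmatch(text)
    if m is None:
        return ['not of the form roles="rolename1 rolename2" (check case)']
    roles = m.group(1).split()
    if not roles:
        return ["no role names listed"]
    problems = []
    by_lower = {r.lower(): r for r in switch_roles}
    for role in roles:
        if role in switch_roles:
            continue  # exact, case-sensitive match
        near = by_lower.get(role.lower())
        if near is not None:
            problems.append(f"case mismatch: {role!r} vs switch role {near!r}")
        else:
            problems.append(f"role {role!r} is not defined on the switch")
    return problems

# Constructed sample data: role names as they would be read off the switch.
SWITCH_ROLES = {"network-admin", "network-operator", "san-ops"}

if __name__ == "__main__":
    samples = [
        'Cisco-AVPair = shell:roles="network-admin"',
        'shell:roles="Network-Admin san-ops"',
        'roles="network-operator storage"',
        'shell:roles=\u201dnetwork-admin\u201d',
    ]
    for avpair in samples:
        print(avpair, "->", check_avpair(avpair, SWITCH_ROLES) or "OK")
```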
