Send documentation comments to mdsfeedback-doc@cisco.com
18-10
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 18 Troubleshooting Users and Roles
User and Role Issues
User Has Too Much Access
Symptom User has too much access.
User Cannot Configure Some VSANs
Symptom User cannot configure some VSANs.
Verifying VSAN-Restricted Roles Using Fabric Manager
To verify user role-based access using Fabric Manager, follow these steps:
Step 1 Choose Switches > Security > Users and Roles and select the Roles tab to view the roles.
Step 2 Check the Scope Enable check box to make the role VSAN-restricted.
Step 3 Add the range of VSANs that you want to allow this role to configure in the Scope VSAN Id List field.
Table 18-5 User Has Too Much Access
Symptom Possible Cause Solution
User has too much
access.
User is assigned incorrect role or
overlapping roles.
For RADIUS, configure the vendor-specific attributes on
the server for the role using
Cisco-AVPair = "shell:
roles = "
<rolename>
" ".
For TACACS+, configure the attribute and value pair on the
server for the role using
roles=“vsan-admin
storage-admin
”.
See the “Verifying Roles Using Device Manager” section
on page 18-8 or the “Verifying Roles Using the CLI”
section on page 18-9.
Role is not configured for appropriate
access.
See the “Verifying Roles Using Device Manager” section
on page 18-8 or the “Verifying Roles Using the CLI”
section on page 18-9.
Table 18-6 User Cannot Configure Some VSANs
Symptom Possible Cause Solution
User cannot configure
some VSANs.
User is assigned a VSAN-restricted
role.
See the “Verifying VSAN-Restricted Roles Using Fabric
Manager” section on page 18-10 or the “Verifying
VSAN-Restricted Roles Using the CLI” section on
page 18-11.
To Next Page
Loading...
Need help?
General