

Fibre Channel (SAN)

Occasional Contributor
Posts: 5
Registered: ‎05-08-2019

What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

Hello, 

 

I have TACACS+ set up on a pair of Brocades, but I forgot to include the "local" -backup option and now I have no admin access to the box. My TACACS+ server is on Cisco ACS version 5.8.

 

I have the following under Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles 

Attribute: brcd-role=admin

 

This gives me the following when I log in and do a userconfig --show

username: x

description: remote account

enabled: yes

password last change date: unknown

password expiration date: not applicable

locked: no

home LF role: admin

role-lf list: admin: 128

no chassis permission

home lf: 128

day time access: n/a

 

Any idea how in the world I configure the correct attribute to grant admin chassisRole on Cisco ACS? 

 

External Moderator
Posts: 5,679
Registered: ‎02-23-2004

Re: What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

@milhouse79 

 

--->>.........setup on a pair of Brocades but I forgot to include the "local" -backup option and now I have no admin access to the box.

 

Unplug the LAN cable from the Brocade switches, wait for a Hours, and then try again to log in through the console port,

 

now you can reset the AAA Setting in Brocade

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎05-08-2019

Re: What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

Thanks, but do you know the attributes that are needed to use TACACS+  with Cisco ACS?

External Moderator
Posts: 5,679
Registered: ‎02-23-2004

Re: What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

@milhouse79 

 

--->>>.....but do you know the attributes that are needed to use TACACS+ with Cisco ACS?

 

No Sorry.

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎05-08-2019

Re: What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

Also, can you clarify how long you were referring to with the suggestion to remove it for "a hours"? 

 

Is that one hour? Is it less than an hour?

Occasional Contributor
Posts: 5
Registered: ‎05-08-2019

Re: What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

Also, instead of removing the cable, can I just disable the upstream port the Brocade is connected to and receive the same result, or do I absolutely need to remove the cable? I would assume I could just disable the upstream switchport connected to the mgmt0 interface and the same result would occur.

External Moderator
Posts: 5,679
Registered: ‎02-23-2004

Re: What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

@milhouse79 

 

 

--->>>.... can you clarify how long you were referring to with the suggestion to remove it for "a hours"? 

 

NO! try in 30 minutes.

 

If it does not work, you simply need to repeat the procedure and wait again.

 

Otherwise, have a bit of patience and unplug the cable for 1+ hour.

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎05-08-2019

Re: What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

Thanks. I'll try that. 

External Moderator
Posts: 5,679
Registered: ‎02-23-2004

Re: What FOS (8.2) attributes do I need in Cisco ACS (5.8) to grant TACACS+ login an admin chassisRole?

@milhouse79 

 

 

See this blog to compare whether all settings are made correctly.

 

https://blog.remembertheview.com/2015/09/01/setting-brocade-switches-tacacs-authentication-cisco-acs/

 

 

TechHelp24
