03-19-2019 07:12 AM
Hi Experts,
I have 2 questions:
05-01-2019 11:34 PM
For number 1, I found adding the role admin with readPriv allowed the read-only user to log in via SSH.
04-12-2022 01:24 PM
While creating the Cisco AV-pair on the authentication server, please use the below.
cisco-av-pair=shell:domains=all/read-all/admin
Only the admin role could SSH into leaf and spine, so we need to have admin under read-only.
Here is how ACI reads the av-pairs
cisco-av-pair=shell:domains=*/#/$
* -- Define Domains
# -- Define Write privilege roles
$ -- Define read privilege roles
You can define multiple roles or domains separated by |
shell:domains=all/aaa|admin/aaa|admin
OR
Cisco-avpair = "shell:domains = solar/admin/,common//read-all"
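The following is an added example, not code from the posters or from Cisco: a small parser for auditing AV-pair strings on the authentication server before they are deployed. It assumes the field order from the legend above (domain/write roles/read roles), roles separated by |, and domain entries separated by commas as in the last sample string. The function names are hypothetical.

```python
import re

# Optional 'cisco-av-pair =' attribute name, optional quote, then 'shell:domains ='
PREFIX = re.compile(r'^\s*(?:cisco-av-?pair\s*=\s*)?"?\s*shell:domains\s*=\s*', re.I)


def parse_avpair(value):
    """Return {domain: {"write": [...], "read": [...]}} for one AV-pair string."""
    m = PREFIX.match(value)
    if not m:
        raise ValueError("not a shell:domains AV-pair: %r" % value)
    body = value[m.end():].strip().rstrip('"').strip()
    result = {}
    for entry in body.split(","):
        parts = entry.strip().split("/")
        # Each entry must have exactly three fields: domain/write/read
        if len(parts) != 3 or not parts[0]:
            raise ValueError("expected domain/write-roles/read-roles: %r" % entry)
        domain, write, read = parts
        result[domain] = {
            "write": [r for r in write.split("|") if r],
            "read": [r for r in read.split("|") if r],
        }
    return result


def write_admin_domains(value):
    """Domains where the string places the admin role in the write field."""
    parsed = parse_avpair(value)
    return sorted(d for d, roles in parsed.items() if "admin" in roles["write"])


if __name__ == "__main__":
    # Sample strings taken from the thread above
    samples = [
        "cisco-av-pair=shell:domains=all/read-all/admin",
        "shell:domains=all/aaa|admin/aaa|admin",
        'Cisco-avpair = "shell:domains = solar/admin/,common//read-all"',
    ]
    for s in samples:
        print(s)
        print("  parsed:", parse_avpair(s))
        print("  admin with write privilege on:", write_admin_domains(s) or "none")
```

Running it over the strings in this thread shows that the read-only string puts admin only in the read field, while the other two grant admin with write privilege on at least one domain.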