Prime Infrastructure 2.x tacacs+ with radiator

Trying to setup Prime Infrastructure 2.x (2.2) to use Tacacs+.  The Tacacs service is running on a Linux server running Radiator(4.12).  With Radius and Radiator all we needed to do is define the user group and all the tasks associated with that group were inherited.  
When configuring the TACACs configuration files have tried various permutations of adding the cisco-avpair(cisco-av-pair) reply attrs on authentication and/or authorization. When defining the group or using the individual tasks I get the following error message:
"no authorization information found for remote authenttication user. please check the correctness of the associated task(s) and Virtual Domain(s) in the remote server"
<ServerTACACSPLUS>
    Key SECRET
    Port 49
    GroupMemberAttr OSC-Authorize-Group
    # General Authorization rule format:
   AuthorizeGroup core-group permit protocol=HTTP service=NCS {cisco-av-pair="virtual-domain0=ROOT-DOMAIN" cisco-av-pair="role0=Super Users" }
</ServerTACACSPLUS>

It's not yet supported. Cisco doesn't generally publish roadmaps publicly for future support. The best you can do via public sources is to continue to watch the Supported Devices lists for updates.
As of right now, here is a list of the current data center switches supported (in PI 2.1):
Cisco Nexus 6004 Switch
Cisco Nexus 5596T Switch
Cisco Nexus 5010 Switch
Cisco Nexus 5020 Switch
Cisco Nexus 5020T Switch
Cisco Nexus 7000 10-Slot Switch
Cisco Nexus 7000 18-Slot Switch
Cisco Nexus 1000V Series Switches
Cisco Nexus 1010 Virtual Services Appliance
Cisco Nexus 4001I Switch Module for IBM BladeCenter
Cisco Nexus 4005I Switch Module for IBM BladeCenter
Cisco Nexus 5548P Switch
Cisco Nexus 5548UP Switch
Cisco Nexus 5596UP Switch
Cisco Nexus 3064 Switch
Cisco Nexus 3048 Switch
Cisco Nexus 3016 Switch
Cisco Nexus 7000 9-Slot Switch
Cisco Nexus 9500 Switch
Cisco Nexus 3548 Switch

Similar Messages

  • Cisco Prime Infrastructure 1.2 synchronizaton with active directory

    hi all
    I have installed Cisco Prime Infrastructure 1.2 and I want to make a synchronization between the PI and the active directory
    note:
    I want to make that to be able to search about the users on cisco prime infrastructure using Hostname instead of serching on it using IP or MAC address.
    how can I do this task ???
    thanks all.
    I appreciate your support.

    Hi Mohamed,
    Integration with AD is not supported in PI
    Thanks-
    Afroz
    [Do rate the useful post]

  • Prime Infrastructure 2.1 problem with sorting devices in device groups

    Hi,
    I have a problem with prime infrastructure, namely prime is not doing appropriate sorting of devices in default device groups.
    Example: device type > routers > Cisco 2800 series integrated services routers - under shown results there are Cisco 2911 Integrated Service router, Cisco 2901 etc.
    Any solution? 
    Tnx

    Hi all:
    I have tried using Designing Monitoring Template to set the Health Check Polling time from default 15 minutes to 5 minutes and also tried also 1 minute.
    The result is 5 minutes is working but 1 minute is not working.
    May I know any one can help on this?
    Many thanks!
    Best regards,
    tangsuan

  • PRIME Infrastructure OVA co-residency with CUCM on UCS

    Hallo All.
    Has anyone installed the PRIME Infrastructure OVA alongside CUCM on a UCS?
    I've been looking at this document
    http://docwiki.cisco.com/wiki/Unified_Communications_Virtualization_Sizing_Guidelines but it is vague on PRIME Infra.
    Also, the CUCM I am installing alongside is v8.5
    Any thoughts?
    Cheers
    David

    The PI documentation is lagging a bit - the only requirements for the current release are what's in the Quick Start Guide here.
    There is no requirement for dedicated cores. As long as your VM meets the hardware specification of the QSG, your installation should be OK. (Of course, it doesn't hurt to provide more than the minimum requirements.)

  • Cisco Prime Infrastructure 1.3 Tacacs+ authorization problem

    Hello,
    We are having trouble setting our new installation of Cisco PI 1.3 to work with Tacacs+ configured on ACS 4.2.
    We have followed procedure explained in Cisco PI 1.3 configuration guide and in Tacacs+ logs we can see that we have successful authentification but authorization is unsuccessful:
    21/05/2013,16:36:44,Authen OK,pradoicic,admins,192.168.187.109,,192.168.187.109,wifi-prime-p-vm01,AP,ACS1AERO,1,,,192.168.187.109,No Filters activated.,,,No,
    21/05/2013,16:36:44,Author failed,pradoicic,admins,192.168.187.109,,Service denied,protocol=HTTP service=NCS,NCS HTTP,192.168.187.109,wifi-prime-p-vm01,AP
    We have added user group into ACS as is explained in configuration gude and we have also tried to add virtual domain at the beggining or at the and of the list but that didn't solve our problem.
    Is there anything that we can do in order to make Cisco PI to authentificate users using Tacacs+?
    Any help in finding solution for this problem will be very appreciated.
    Regards,
    Jelena

    Hi,
    On the Cisco PI side we have:
    1. Added Tacacs+ server under Administration > AAA > TACACS+
        We have entered all required parameters
    2. Enabled AAA Tacacs+ mode under Administration > AAA > AAA Mode and we have choosed on auth failure or no server response oprion.
    On the ACS side:
    1. Under Network Configuration > New Entry we have added Cisco PI
    2.  Under Interface Configuration >TACACS+ (Cisco IOS) > New Services >
    we have added Prime and HTTP (we have checked box infront of these service).
    3. Under Group Setup > Edit Settings > prime HTTP service we have added custom attributes that we have copied from Cisco PI Admin group. We have also exported virtual domain information from Prime and have imported them on the beggining of the custom attributes and we have also tried to place that virtual domain information on the end but we have the same behavior.
    For some reason ACS doesn't know how to return authorization information.
    Regards,
    Jelena

  • Prime Infrastructure failed to communicate with MSE

    We have PI 2.0 and MSE 7.4.110 running on VMware under same subnet. Both of this able to ping each other but unable to communicate SOAP/XML via HTTP/HTTPS. I tried to telnet MSE port 443 also no respond but I check on MSE firewall is "disable". I also try to stop/start the service with below script but no luck.
    Step 1 Tstop the software, enter /etc/init.d/msed stop.
    Step 2 To check status enter /etc/init.d/msed status.
    Step 3 To start the software, enter: /etc/init.d/msed start.
    After checking on MSE with Step 2 command, i found out that both HTTP and HTTPS is "false". Is they anyway to enable this services?
    Has anyone ever solve the problem?

    I had a similar issue with only difference being the Use HTTPS: null. I ended up re-running the setup ( via /opt/mse/setup/setup.sh) and reset the NCS username and password back to the default (select D). Then it worked straight away.

  • Cisco Prime Infrastructure 1.3 - SNMPv3 can´t get CPU, memory info.

    Hi,
    I have a Cisco Prime Infrastructure 1.3 deployment with Catalyst 2960S switches. Switches are running IOS 15.0(2) SE2. All switches have SNMPv2 configured, and all appears to be fine. I'm migrating one switch to SNMPv3, and PI have reachability to the switch, but PI doesn´t receive traps from the switch, and neither poll CPU and memory information (all displays 0.00%).
    Somebody have a sample configuration of SNMPv3 with Cisco Prime (Infrastructure or LMS)? I cannot find a Cisco official (or unofficial) document related to this version, usually all mention SNMPv2.
    Thank you.
    Eduardo

    Hi Eduardo:
    SNMPv3 is indeed supported for general administration.  There's a bug with SWIM using SNMPv3 (CSCud92758), but you should be fine for just monitoring.  Have you deleted the switch, waited until Prime Infrastructure told you it was gone, then readded it as SNMPv3 natively?  Bug CSCug78869 keeps things from working well when changing SNMP versions. 
    If you don't have the new Update-1 patch for Prime Infrastructure 1.3.0.20 installed (filename PI_1.3.0.20_Update_1-12.tar.gz) installed, I'd suggest you get it.  While it's not going to specifically address this issue, there are a lot of really good fixes in it.
    Release Notes for Update 1 for Cisco Prime Infrastructure 1.3.0.20

  • Ask the Expert: One Management with Prime Infrastructure 1.2

    With Tejas Shah
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions from Cisco expert Tejas Shah on One Management with Prime Infrastructure 1.2 Combining the wireless functionality of Cisco Prime Network Control System (NCS) with the wired functionality of Cisco Prime LAN Management Solution (LMS),  Cisco Prime Infrastructure simplifies and automates many of the day-to-day tasks associated with maintaining and managing the end-to-end network infrastructure from a single pane of glass. The new converged solution delivers all of the existing wireless capabilities for RF management, user access visibility, reporting, and troubleshooting along with wired lifecycle functions such as discovery, inventory, configuration and image management, automated deployment, compliance reporting, integrated best practices, and reporting.
    Tejas Shah is a senior technical marketing engineer for Cisco Prime Infrastructure and Collaboration products. He has deployed Cisco Prime Collaboration Manager at various customer sites to help customers monitor and troubleshoot their video infrastructure. In addition, he is part of the Network Operations Center team at Cisco Live events for six years. Shah joined Cisco in 1995 and was in the Technical Assistance Center team supporting various network management system products for more than six years.
    Remember to use the rating system to let Tejas know if you have received an adequate response. 
    Tejas might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless Mobility sub-community discussion forum shortly after the event. This event lasts through Sept 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

    Raun, please see my responses inline:
    Can you go over the licensing method with Prime Infrastructure 1.2 please? 
    Raun, you can check out the following link for ordering guide at
    http://www.cisco.com/en/US/products/ps12239/products_data_sheets_list.html
    I currently have NCS and do NOT currently have LMS.  I know I can move to Prime Infrastructure through Cisco Product Upgrade Tool.  However, what I am confused about is do I still have to buy LMS to have LMS functionality in Prime Infrastructure 1.2? 
    ==> Not at all.  The converged product will give you basic management capability for routers and switches that LMS provided in this release.   Feature/Functionality will keep on growing with upcoming releases.
    If not, do the licenses I transfer into Prime Infrastructure 1.2 from NCS also work for devices to work under LMS? 
    ==> Licensing is different than NCS or LMS.  You don't have to transfer the license.  Each install of Prime Infrastructure will have a unique UID string on which the licenses are based.  A new license will be applied to the product.
    Mean, can my currently 350 licenses be used for AP's as in NCS and routers in the LMS portion of Prime Infrastructure 1.2?
    ==> I would recommend getting a total count of your wired and wireless devices and match the right SKU based on that.
    Hope this helps.. Let me know if you have any further questions,
    Tejas

  • Managing vty ACLs with Prime Infrastructure?

    I have a number of devices -- various models of Nexus, (2k - 7k), 6500s and some 1U stackables.
    I'm trying to come up with a good way to leverage PI (2.1) to apply a vty ACL to the switches. There does not appear to be a template for this. The problem of course is not only the order of operation (remove ACL from vty if there is one so Prime doesn't lock itself out, only then do the rest of the stuff) but that the syntax seems to differ very aggravatingly -- some require "line vty 0 1509," some "line vty 0 1510," some platforms accept named ACLs for vty ACLs, some don't...
    Any tips, tricks, or best practices on how to install and update vty ACLs on IOS and/or NX-OS devices with Prime Infrastructure?

    I am also interested in this topic. We have vty ACLs in place but with different names. Would like to be able to find and update the ACL's and vty config. Using PI 2.1.

  • Managing Prime Infrastructure 1.2 with MS IAS Radius

    HI,
    I have configured the PI 1.2il MS IAS radius server to authenticate machine with the management domain credentials.
    When I needed to migrate the atuthenticatione from local to radius mode and I went to AAA and I select "with Radius server."
    On the MS IAS I imported the tasks for users with role lobby ambassador and when I turned on the authentication mode in PI 1.2 with AAA Radius Server, the user was able to authenticate properly.
    When I imported Admin or Root tasks on the server could not let the user management interface in Prime.
    there is a documentation update?
    Regards
    Andrea

    I wrote about this some time ago.  Its based on NPS but you should be able to tweak it for IAS as well.
    http://technologyordie.com/windows-nps-radius-authentication-of-cisco-prime-infrastructure
    - Be sure to rate all helpful posts

  • UPS monitoring support with Cisco Prime Infrastructure 1.2

    Dear Members,
    Good day,
    I am having a project implemented wherein i have the UPS power redudancy solution for our network devices.
    Now can anyone gide that is it possible for below :-
    UPS units installed with SNMP cards be monitored via Cisco Prime Infrastructure 1.2 as our monitoring & management solution is Cisco Prime Infrastructure 1.2 ?
    if yes
    Can you guide if following action would be possible to export the below logs from UPS unit to our Cisco Prime Infrastructure 1.2
       a) UPS fault status information
       b) UPS operational status(input power available Y/N)
       c) Battery fault status
       d) Battery charging current
       e) Battery charge level
       f) Output current
    Conclusion is we need to confirm that would it be posible to achieve remote monitoring of these UPS units via our CPI 1.2
    Thanks in Advance for your support & replies to this query.
    Regards,
    Muzammil N.

    Prime Infrastructure 1.2 can manage non-Cisco devices in a limited fashion via SNMP query and trap processing. It cannot import logs and does not have a generic syslog server,
    So if your devices have snmp read only support and can generate SNMP traps for the above you can add them to PI. Follow the manual add device procedure here.

  • Cisco Prime Infrastructure 1.2 with Cisco Prime Network Control System Hardware Appliance

    Hi Team,
    I have  following BOM
    Cisco Prime Infrastructure
    R-PI-1.2-K9
    Cisco Prime Infrastructure 1.2
    1
    R-PI-1.1-500-K9
    Prime Infrastructure 1.2 Software - 500 Device Base Lic
    1
    L-PILMS42-500
    Prime Infrastructure LMS 4.2 - 500 Device Base Lic
    1
    L-PINCS12-500
    Prime Infrastructure NCS 1.2 - 500 Device Base Lic
    1
    PRIME-NCS-APL-K9
    Cisco Prime Network Control System Hardware Appliance
    1
    PI-APL-IMAGE-1.2
    Cisco Prime Infrastructure 1.2 Appliance Software
    1
    Pls let me know if we have both NCS and LMS preinstalled with Cisco Prime Infrastructure 1.2 Appliance Software orwe need seperate appliance or server for LMS 4.2. 
    Regards

    Hi Scott,
    Thanks for the response but I got to know that LMS and NCS are combined in single ISO image from PI 1.2 and can be installed on the same physical NCS appliance.
    Can you pls check this.
    Regards

  • Cisco Prime Infrastructure 1.2 with SNMPv3

    Dears,
    I am trying to add a router on Cisco Prime Infrastructure 1.2 using snmpv3 (authpriv, sha & aes256). When i go to device work center and add a device, i cannot find the AES-256 in the privacy options. Only None, DES, and AES-128 are available.
    Is there any workarround?
    Please advise.
    Moustafa

    PI only supports SNMP privacy up through AES-128 at this time. Reference the guide section on adding an new SNMP credential entry.
    Additionally there is a bug with SNMP v3 support in PI 1.2. It should be resolved in PI 1.3.

  • Cisco Prime Infrastructure 2.0 cannot establish connectiont with WLC5508 7.4.110

    I have two wlc 5508 in HA with image version 7.4.110. These two WLC are connected on two 6509 Catalyst Switch VSS system. On the WLC the LAG are enabled for the connection to the VSS. When i am trying to add the WLC to PI 2  once is succsessful. The connection continew working for a wile and after 3 hours or 5 hours or 1 day lost the connection between these two (WLC 5508 & PI.2) . After this trying again to add the WLC to PI.2 with no success . It became unreachable but the ping between the WLC & PI.2 its working fine.
    It realy importand for me to add the WLC to PI.2 becouse it is the eyes for the APs for me.
    Also the image of WLC 7.4.110 is compatible for PI.2 . I check it at cisco matrix files. Cisco also sugest 7.4.110 image for PI.2
    any idea........?

    The subject of the posting shows Prime Infrastructure 2.0 but in the body of the message you've got Prime Infrastructure 1.2
    If it's in fact Prime Infrastructure 1.2 ::: 1.2 and 7.4.110.0 code isn't compatible
    http://www.cisco.com/en/US/partner/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp92761
    1.2.1.12
    7.3.112.0
    7.3.101.0
    7.2.115.2
    7.2.111.3
    7.2.110.0
    7.2.103.0
    7.0.240.0
    7.0.235.3
    7.0.235.0
    7.0.230.0
    7.1.91.0
    7.0.220.0
    7.0.116.0
    7.0.98.218
    7.0.98.0
    7.3.101.0
    7.2.110.0
    7.2.103.0
    7.0.240.0
    7.0.230.0
    7.0.220.0
    7.0.201.204
    7.0.112.0
    7.0.105.0
    ISE 1.0
    ISE 1.1
    IOS12.2(50)SE
    IOS12.2(50)SG
    IOS12.2(33)SXI
    If deploying Prime Infrastructure as a virtual appliance on a customer-supplied server, one of the following versions of VMware ESX or ESXi can be used:
    •VMware ESX or VMware ESXi Version 4.0
    •VMware ESX or VMware ESXi Version 4.1
    •VMware ESXi Version 5.0
    Note VMware Tools Version 4.1 is preinstalled in the Prime Infrastructure virtual appliance.

  • Can i install Cisco prime infrastructure 1.3 with 1.1 license.

    Can i install Cisco prime infrastructure 1.3 with 1.1 license.To be more precise it will be fresh installation
    but the licenses I have is of 1.1.As per my overview from Cisco prime Infrastructure 1.2 NCS and NCS(WAN)
    has been bundled into one service.But both were seperate entities in Cisco Prime Infrastructure 1.1.

    It doesn't matter if you want to make a new installation or an upgrade. The questions is the license.
    The base license is necessary for network management nodes (devices). But to get updates for your system you need the additional to your Base License the Lifecycle License (which can be ordered for 12, 24 or 36 months).
    The Lifycycle License is also based on the number of managed devices. In your case 50 devices. So you have that License - congratulations!
    Otherwise order the Lifecycle License for 50 devices (L-N-PI12-50-M). This generates CON-PSUU-PI12LF50 for 12 months, list price 414,81$. Then Upgrade from 1.1 to 1.2, patch the system and upgrade to 1.3.
    Have fun,
    Chris

Maybe you are looking for

  • Frameset in DW 6

    I know it is not done anymore, but I am a teacher at Dirksen opleidingen and would like to know what the best way is of making a frames site (with of course a frameset) in Dreamweaver CS6. I know that the layout for the frameset no longer is supporte

  • Error running Appln in Websphere Studio

    While running my application from Websphere Application Developement IDE i am getting the following error Error occurred during initialization of VM java/lang/NoClassDefFoundError: java/lang/Object can anyone pls clarify this???

  • Thumbnails in Navigator and slides in Light Table sizing?

    can the thumbnails in the Navigator view be made larger and the same thing in the light table view... can these be made larger too? Thank you

  • Customer and its G/L account

    hi experts, I have G/L account information with company code in SAK1.i want to know the table which has customer of G/L account for the same company code and its cost centre

  • Validating Input fields in Interactive Adobe Forms with Webdynpro ABAP

    Dear Friends, Am new to Interactive Adobe forms with Webdynpro Abap, My scenario is, I have few Input fields, i need to handle the Messages when am not entering values in any of the Input Field, and raise the message when i click on Save Button. I ha