• Nexus Dashboard
  • USER: admin
  • PASS: cisco.123
  • ND-1 Web Interface
  • ND-2 Web Interface
  • DEV Server
  • USER: cisco
  • PASS: cisco.123
  • ssh address: 10.0.208.32
  • VNC address: 10.0.208.32:5901
  • Switch Login
  • USER: admin
  • PASS: cisco.123
  • Site1-S1: 10.3.22.11
  • Site1-S2: 10.3.22.12
  • Site1-L1: 10.3.22.13
  • Site1-L2: 10.3.22.14
  • Site1-BL1: 10.3.22.15
  • Site1-BGW1: 10.3.22.16
  • Site2-S1: 10.3.22.17
  • Site2-L1: 10.3.22.18
  • Site2-BGW1: 10.3.22.19
  • Ext-Rtr: 10.3.22.10
  • Core-Rtr: 10.3.22.20
RBAC

Nexus Dashboard

Role-Based Access Control (RBAC)

Configure centralized authentication and authorization for Nexus Dashboard using Cisco ISE and TACACS+. Eliminate local account management and enforce role-based permissions across your entire data center infrastructure.

What You'll Achieve

  • Centralized Identity Management — Users authenticate with ISE credentials, not local accounts
  • Automated Role Enforcement — Permissions applied automatically based on user roles
  • Enhanced Security — TACACS+ provides secure authentication and command authorization
  • Simplified Operations — Manage access from one place instead of configuring each device

In this section, you'll integrate Cisco Identity Services Engine (ISE) as the security policy management platform for Nexus Dashboard. Roles defined in ISE will govern permissions for both local and external authentication, applying to ND itself and its integrated services.

Step 1 - Configure TACACS+ Login Domain

Create a new TACACS+ login domain that connects Nexus Dashboard to your ISE server for centralized authentication.

  1. Click Admin in the left navigation bar
  2. Click Users and Security


  3. Click Authentication
  4. Click Create login domain


  5. Name: cl-ise
  6. Realm: Select TACACS+
  7. Click Add Provider


  8. Hostname/IP address: 10.3.0.10
  9. Key: cisco.123
  10. Confirm Key: cisco.123
  11. Username: pod22u1
  12. Password: cisco.123
  13. Click Save


  14. Click Save

Step 2 - Set Default Authentication Method

Configure cl-ise as the default login domain to streamline future logins. Users will automatically authenticate via ISE/TACACS+ without selecting the domain manually.

  1. Click Edit

  2. Select cl-ise
  3. Click Save

Note: After clicking Save, ND will return to the Users and Security page, where the default authentication method should now display as cl-ise.

Step 3 - Verify RBAC Configuration

Test your RBAC configuration by logging out and logging back in with ISE credentials. This validates that TACACS+ authentication is working correctly.

  1. Click Admin in the top right corner of the page
  2. Click Logout


  3. User Name: pod22u1
  4. Password: cisco.123
  5. Login Domain: cl-ise
  6. Click Login

Success!

Upon successful login, your username pod22u1 will be displayed in the user interface, confirming that ISE authentication is working correctly.