Privilege Level to Scan Cisco NX-OS ACI

Cisco ACI (Application Centric Infrastructure) is a software-defined networking (SDN) solution designed for automating and managing network resources in data centers.

It consists of the Application Policy Infrastructure Controller (APIC), which serves as the centralized management and automation hub. APIC controls leaf switches and spine switches that form the ACI fabric, providing high-speed connectivity and scalable network architecture.

User and access management in Cisco ACI is centralized through APIC. Administrators define and manage user accounts, roles, and permissions using APIC's interface or REST APIs. Role-Based Access Control (RBAC) is employed to regulate access to network resources based on predefined roles, ensuring secure and efficient network operations.

Note: A read-only user for APIC must be used to scan its NX-OS leaf switches.

The minimum privilege level for the user role can be set to read-all. For comparison, the admin role has read access to all classes and write access to all configurable classes, which is more than a scan account needs.

Perform the following steps to configure a user with a security domain and then create an authentication record.

Steps to configure a user with a security domain and add custom roles and privileges

To configure a user with a security domain, perform the following steps:

  1. Log in to Cisco APIC.

  2. Go to the Admin tab > AAA (Authentication, Authorization, and Accounting) menu.

  3. Click Users in the Navigation pane.
     Ensure you are on the Local Users tab in the Work pane.

     (Figure: Selecting Create Local User through the Admin tab.)

  4. Click the Actions icon drop-down list in the Work pane and select Create Local User.

     (Figure: Selecting Create Local User from the Actions icon drop-down list.)

     The Create Local User window is displayed.

  5. Enter the user ID in the Login ID field, and enter the password in the Password and Confirm Password fields.

     (Figure: Entering the login ID and password in the User Identity section.)

  6. Click Next. This navigates to the Security Domain step.

  7. Select the all checkbox under Security Domain and click Next. This navigates to the Roles step.

     (Figure: Selecting all as the Security Domain.)

  8. Click the add symbol in Domain all. Click the Role Name drop-down list, select read-all, and set the Role Privilege Type to Read.

     (Figure: Configuring the Role Privilege Type as Read.)

  9. Click Update.

     A set of privileges can also be added to different roles.

     (Figure: Privileges added to different roles.)
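
The same account can be created through the APIC REST API that the page mentions. The following is an added example, not code from the page, Cisco, or the scanner vendor. It assumes the published APIC REST object model (aaaUser, aaaUserDomain and aaaUserRole, with privType values readPriv and writePriv), the aaaLogin.json endpoint with its APIC-cookie token, and the uni/userext/user-<name> distinguished name; the APIC URL and credentials are placeholders. It builds the user with security domain all, role read-all and read-only privilege type, exactly as in the GUI steps, and refuses to submit a payload that would grant write privileges.

```python
"""Create a read-only APIC local user for scanning via the APIC REST API (added example)."""
import json
import ssl
import urllib.request

# Assumptions (not from the page): APIC class names aaaUser/aaaUserDomain/aaaUserRole,
# privType values readPriv/writePriv, and the endpoint paths below follow the public
# APIC REST API. The host and admin credentials are placeholders.
APIC_URL = "https://apic.example.invalid"      # placeholder
ADMIN_USER = "admin"                            # placeholder
ADMIN_PASSWORD = "ADMIN_PASSWORD_PLACEHOLDER"   # placeholder; load from a secret store in practice


def build_user_payload(name, password, domain="all", role="read-all", priv_type="readPriv"):
    """Build the JSON body for one local user carrying one role in one security domain.

    Defaults mirror the GUI steps: security domain 'all', role 'read-all',
    Role Privilege Type 'Read' (privType readPriv).
    """
    return {
        "aaaUser": {
            "attributes": {"name": name, "pwd": password, "accountStatus": "active"},
            "children": [
                {
                    "aaaUserDomain": {
                        "attributes": {"name": domain},
                        "children": [
                            {"aaaUserRole": {"attributes": {"name": role, "privType": priv_type}}}
                        ],
                    }
                }
            ],
        }
    }


def build_readonly_user_payload(name, password):
    """Payload for the read-only scan account described on the page."""
    return build_user_payload(name, password)


def is_read_only(payload):
    """True when every role attached to the user grants only read privileges."""
    for dom in payload["aaaUser"].get("children", []):
        for role in dom["aaaUserDomain"].get("children", []):
            if role["aaaUserRole"]["attributes"].get("privType") != "readPriv":
                return False
    return True


def _post(url, body, token=None, ctx=None):
    """POST a JSON body to APIC; the session token travels in the APIC-cookie cookie."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST")
    req.add_header("Content-Type", "application/json")
    if token:
        req.add_header("Cookie", f"APIC-cookie={token}")
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


def apic_login(ctx=None):
    """Authenticate and return the session token from the aaaLogin response."""
    body = {"aaaUser": {"attributes": {"name": ADMIN_USER, "pwd": ADMIN_PASSWORD}}}
    data = _post(f"{APIC_URL}/api/aaaLogin.json", body, ctx=ctx)
    return data["imdata"][0]["aaaLogin"]["attributes"]["token"]


def create_scan_user(name, password, ctx=None):
    """Create the scan account, refusing any payload that carries write privileges."""
    payload = build_readonly_user_payload(name, password)
    if not is_read_only(payload):
        raise ValueError("scan account must not carry write privileges")
    token = apic_login(ctx)
    return _post(f"{APIC_URL}/api/mo/uni/userext/user-{name}.json", payload, token, ctx)


if __name__ == "__main__":
    # Keep certificate verification on; APIC should present a trusted certificate.
    context = ssl.create_default_context()
    print(json.dumps(create_scan_user("scan_ro", "SCAN_PASSWORD_PLACEHOLDER", context), indent=2))
```

The is_read_only check is the part worth keeping in any automation: it rejects a payload where someone has swapped in privType writePriv, so the account handed to the scanner cannot end up with more than the read-all role the page calls for.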

Steps to create an authentication record for Cisco NX-OS ACI Mode

You can create an authentication record in either of the following ways:

Create an authentication record by selecting Network and Security

  1. Go to Scans > Authentication > New > Network and Security > Network SSH.

     (Figure: Creating an auth record by selecting Network and Security.)

  2. Enter the Username, Password, and Confirm Password.

  3. Select the Target Type as Cisco NX-OS ACI Mode (PC).

     (Figure: Selecting the target type as Cisco NX-OS.)

  4. Click Create.

Create an authentication record by selecting an Operating System

  1. Go to Scans > Authentication > New > Operating System > Unix.

     (Figure: Creating an auth record by selecting Operating System.)

  2. Enter the Username, Password, and Confirm Password.

  3. Select the Target Type as Cisco NX-OS ACI Mode (PC).

     (Figure: Selecting the target type as Cisco NX-OS.)

  4. Click Create.