SevOne SDN Collector Set APIC User Account

SevOne Documentation

All documentation is available from the IBM SevOne Support customer portal.

© Copyright International Business Machines Corporation 2023.

All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of IBM and its respective licensors. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of IBM.

IN NO EVENT SHALL IBM, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF IBM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND IBM DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.

IBM, the IBM logo, and SevOne are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark.

About

This document describes how to set an APIC User Account.

The user account used by SevOne SDN Solution to communicate with the APIC must have Role admin Access read in Security Domain all. Execute the following steps to set up a new user account for SevOne SDN Solution.

APIC version 4.0 is used for the steps. If you are using a different version, the screenshots may vary.

Set APIC User Account

  1. Login to the APIC with an account that has rights to create users.

    APIC Login
  2. Select Admin tab.

    APIC Admin
  3. Right-click Users and select Create Local User.

    Create Local User
  4. For STEP 1 > User Identity, enter values in the following fields. For example:

    • Login ID: sevone

    • Password: <password>

    • Confirm Password: <password>

    • First Name: SevOne

    • Last Name: ACI Solution

      User Identity
  5. Click Next.

  6. For STEP 2 > Security, under the Security Domain section, select check box, all.

    Security Domain
  7. Click Next.

  8. For STEP 3 > Roles, click the Plus Icon icon for Domain all.

    Roles
  9. Enter the following fields - Role Name and Role Privilege Type. For example, Role Name = admin and Role Privilege Type = Read.

  10. Click Update.

  11. Click Finish.

    Admin Read
  12. Upon clicking the Finish button, you get the following.

    Users
  13. Double-click the sevone Login ID.

    Local User SevOne
  14. Scroll down to Security Domains.

    Local User SevOne Security Domain
  15. Click the > next to Security Domain all to show assigned roles.

    Security Domain All
  16. Under the Security Domain all, ensure that Role admin and Access readPriv exist.

  17. Click Close to exit.

Set APIC User Account using TACACS

To meet SevOne requirement of the following, SevOne requires the Cisco AV pair associated with the sevone ACI account to be shell:domains=all//admin.

  • Role: admin
  • Access: read
  • Security Domain in TACACS

For additional details, please refer to Cisco TACACS documentation (https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_ACI-TACACS-config.html).