SevOne SDN Collector Set APIC and MSO User Account

Edit online
This document provides guidelines on how to set the following user accounts.

Set APIC User Account

Edit online

The APIC user account is used by SevOne SDN Solution to communicate with the APIC must have Role admin Access read in Security Domain all. Execute the following steps to set up a new user account for SevOne SDN Solution.

Note: APIC version 4.0 is used for the steps. If you are using a different version, the screenshots may vary.

Execute the following steps.

  1. Login to the APIC with an account that has rights to create users.

    APIC Login

  2. Select Admin tab.

    APIC Admin

  3. Right-click Users and select Create Local User.

    Create Local User

  4. For STEP 1 > User Identity, enter values in the following fields. For example:
    • Login ID: sevone
    • Password: <password>
    • Confirm Password: <password>
    • First Name: SevOne
    • Last Name: ACI Solution

      User Identity

  5. Click Next.
  6. For STEP 2 > Security, under the Security Domain section, select check box, all.

    Security Domain

  7. Click Next.
  8. For STEP 3 > Roles, click the Plus icon icon for Domain all.

    Roles

  9. Enter the following fields - Role Name and Role Privilege Type. For example, Role Name = admin and Role Privilege Type = Read.
  10. Click Update.
  11. Click Finish.

    Admin Read

  12. Upon clicking the Finish button, you get the following.

    Users

  13. Double-click the sevone Login ID.

    Local User SevOne

  14. Scroll down to Security Domains.

    Local User SevOne Security Domain

  15. Click the > next to Security Domain all to show assigned roles.

    Security Domain All

  16. Under the Security Domain all, ensure that Role admin and Access readPriv exist.
  17. Click Close to exit.

Set APIC User Account using TACACS

Edit online
Important: When APIC is enabled with TACACS, the username of the API must be set as, 

apic:<enter login domain name>\\<enter local username>

To meet SevOne requirement of the following, SevOne requires the Cisco AV pair associated with the sevone ACI account to be shell:domains=all//admin.

  • Role: admin
  • Access: read
  • Security Domain in TACACS

For additional details, please refer to Cisco TACACS documentation (https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_ACI-TACACS-config.html).

Set MSO User Account

Edit online

The MSO user account is used by SevOne SDN Solution to communicate with the MSO must have Role admin Access read in Security Domain all. Execute the following steps to set up a new user account for SevOne SDN Solution.

Note: MSO version 2.0 is used for the steps. If you are using a different version, the screenshots may vary.
  1. Login to the MSO with an account that has rights to create users.

    MSO Launch

  2. Select Users from the navigation bar on the left.

    MSO Users

  3. Click the ADD USER button.

    MSO ACI MultiSite

  4. Configure the user-specific account information. For example,
    • USERNAME: sevone
    • PASSWORD: <password>
    • FIRST NAME: SevOne
    • LAST NAME ACI Solution
    • EMAIL ADDRESS: sevone @sevone.com
    • PHONE NUMBER: Enter any phone number
    • ACCOUNT STATUS: Active

      MSO Add User

  5. Scroll down and associate all required roles for the user.

    MSO User Roles

  6. Click Save.
  7. Log out and log in with the new user to validate if the user has been created properly.