Assurance
|
Assure consistent service levels with complete visibility across all aspects of your network.
|
Monitoring and Troubleshooting
|
Monitor and manage the health of your network with issue troubleshooting and remediation, proactive network monitoring, and
insights driven by AI Network Analytics.
This role lets you:
- Resolve, close, and ignore issues.
- Run Machine Reasoning Engine (MRE) workflows.
- Analyze trends and insights.
- Troubleshoot issues, including path trace, sensor dashboards, and rogue management.
- Run workflows for rogue and Cisco Advanced Wireless Intrusion Prevention System (aWIPS). These workflows include AP-allowed list, vendor-allowed list, aWIPS profile creation, assigning an aWIPS profile, and so on.
|
Monitoring Settings
|
Configure and manage issues. Update network, client, and application health thresholds.
Note: You must have at least Read permission on Monitoring and Troubleshooting.
|
Troubleshooting Tools
|
Create and manage sensor tests. Schedule on-demand forensic packet captures (Intelligent Capture) for troubleshooting clients.
Note: You must have at least Read permission on Monitoring and Troubleshooting.
|
Network Analytics
|
Manage network analytics-related components.
|
Data Access
|
Enable access to query engine APIs. Control functions such as global search, rogue management, and aWIPS.
Note: Setting the permission to Deny affects Search and Assurance functionality.
|
Network Design
|
Set up the network hierarchy, update your software image repository, and configure network profiles and settings for managing
your sites and network devices.
|
Advanced Network Settings
|
- Update network settings, such as global device credentials, authentication and policy servers, certificates, trusted certificates, cloud access keys, Stealthwatch, Umbrella, and data anonymization.
- Export the device inventory and its credentials.
Note: To complete this task, you must have Write permission on Network Settings.
|
Image Repository
|
Manage software images and facilitate upgrades and updates on physical and virtual network entities.
|
Network Hierarchy
|
Define and create a network hierarchy of sites, buildings, floors, and areas based on geographic location. Users with this
role can also add CMX servers in .
|
Network Profiles
|
Create network profiles for routing, switching, and wireless. Assign profiles to sites. This role includes CLI Templates,
Tagging, Feature Templates, and Authentication Template.
Note: To create SSIDs, you must have Write permission on Network Settings.
|
Network Settings
|
Common site-wide network settings such as AAA, NTP, DHCP, DNS, Syslog, SNMP, and Telemetry. Users with this role can add an
SFTP server and modify the Network Resync Interval in .
Note: To create wireless profiles, you must have Write permission on Network Profiles. To assign a CMX server to a site, building, or floor, you must have Write permission on Network Hierarchy.
|
Virtual Network
|
Manage virtual networks (VNs). Segment physical networks into multiple logical networks for traffic isolation and controlled
inter-VN communication.
|
Network Provision
|
Configure, upgrade, provision, and manage your network devices.
|
Compliance
|
Manage compliance provisioning.
|
EoX
|
Scan the network for details on publicly announced information pertaining to the End of Life, End of Sales, or End of Support of the hardware and software in your network.
Note: To view EoX scans, you must have Read permission on Compliance. To run EoX scans, you must have Write permission on Compliance.
|
Image Update
|
Upgrade software images on devices that don't match the Golden Image settings after a complete upgrade lifecycle.
|
Inventory Management
|
Discover, add, replace, or delete devices on your network while managing device attributes and configuration properties.
Note: To replace a device, you must have Write permission on .
|
Inventory Management > Device Configuration
|
Device Configuration: Display the running configuration of a device.
|
Inventory Management > Discovery
|
Discovery: Discover new devices in your network.
|
Inventory Management > Network Device
|
Network Device: Add devices from Inventory, view device details, and perform device-level actions.
|
Inventory Insights: Displays device issues, such as Speed/Duplex settings mismatch and VLAN mismatch, and the number of times
each issue occurred. Provides detailed actions for users to perform to resolve the issues. Because this information requires
action, including possible configuration changes, it is not displayed to users who have a read-only role.
|
Inventory Management > Port Management
|
Port Management: Allow port actions on a device.
|
Inventory Management > Topology
|
Topology: Display network device and link connectivity. Manage device roles, tag devices, customize the display, and save
custom topology layouts.
Note: To view the SD-Access Fabric window, you must have at least Read permission on .
|
License
|
Unified view of your software and network assets relative to license usage and compliance. The role also controls permissions
for cisco.com, Cisco credentials, device EULA, and Smart accounts.
|
Network Telemetry
|
Enable or disable the collection of application telemetry from devices. Deploy related settings, such as site telemetry receivers,
wireless service assurance, and controller certificates, to devices.
Note: To enable or disable the collection of application telemetry, you must have Write permission on Provision.
|
PnP
|
Automatically onboard new devices, assign them to sites, and configure them with site-specific contextual settings.
|
Provision
|
Provision devices with the site-specific settings and policies that are configured for the network. This role includes Fabric,
Application Policy, Application Visibility, Cloud, Site-to-Site VPN, Network/Application Telemetry, Stealthwatch, Sync Start
vs Run Configuration, and Umbrella provisioning.
On the main dashboards for rogue and aWIPS, you can enable or disable certain actions, including rogue containment.
To provision devices, you must have Write permission on Network Design and Network Provision.
|
Network Services
|
Configure additional capabilities on the network beyond basic network connectivity and access.
|
Application Hosting
|
Deploy, manage, and monitor virtualized and container-based applications running on network devices.
|
Bonjour
|
Enable the Wide Area Bonjour service across your network to enable policy-based service discovery.
|
Stealthwatch
|
Configure network elements to send data to Cisco Stealthwatch to detect and mitigate threats, even in encrypted traffic.
To provision Stealthwatch, you must have Write permission on the following components:
|
Umbrella
|
Configure network elements to use Cisco Umbrella as the first line of defense against cybersecurity threats.
To provision Umbrella, you must have Write permission on the following components:
You must also have Read permission on Advanced Network Settings.
|
Platform
|
Open platform for accessible, intent-based workflows, data exchange, notifications, integration settings, and third-party
app integrations.
|
APIs
|
Drive value by accessing Catalyst Center through REST APIs.
|
Bundles
|
Enhance productivity by configuring and activating preconfigured bundles for ITSM integration.
|
Events
|
Subscribe to get notified in near real time about network and system events of interest and initiate corrective actions.
You can configure email and syslog logs in .
|
Reports
|
Generate reports using predefined reporting templates for all aspects of your network.
Generate reports for rogue devices and for aWIPS.
You can configure webhooks in .
|
Security
|
Manage and control secure access to the network.
|
Group-Based Policy
|
Manage group-based policies for networks that enforce segmentation and access control based on Cisco security group tags.
This role includes Endpoint Analytics.
|
IP-Based Access Control
|
Manage IP-based access control lists that enforce network segmentation based on IP addresses.
|
Security Advisories
|
Scan the network for security advisories. Review and understand the impact of published Cisco security advisories that may
affect your network.
|
System
|
Centralized administration of Catalyst Center, which includes configuration management, network connectivity, software upgrades, and more.
|
Machine Reasoning
|
Configure automatic updates to the machine reasoning knowledge base to rapidly identify security vulnerabilities and improve
automated issue analysis.
|
System Management
|
Manage core system functionality and connectivity settings. Manage user roles and configure external authentication.
This role includes Integrity Verification, HA, Disaster Recovery, Debugging Logs, Product Telemetry, System EULA, IPAM, Cisco
AI Analytics, Backup & Restore, and Data Platform.
|
Utilities
|
One-stop-shop productivity resource for the most commonly used troubleshooting tools and services.
|
Audit Log
|
Detailed log of changes made through the UI or API to network devices or Catalyst Center.
|
Event Viewer
|
View network device and client events for troubleshooting.
|
Network Reasoner
|
Initiate logical and automated troubleshooting for network issues while drawing on the wealth of knowledge of network domain
experts.
|
Remote Device Support
|
Allow the Cisco support team to remotely troubleshoot the network devices managed by Catalyst Center. With this role enabled, an engineer from the Cisco Technical Assistance Center (TAC) can connect remotely to a customer's
Catalyst Center setup for troubleshooting purposes.
|
Scheduler
|
Integrated with other back-end services, the scheduler lets you run, schedule, and monitor network tasks and activities such as
deploying policies, provisioning, or upgrading the network.
You can also schedule rogue containment.
|
Search
|
Search for various objects in Catalyst Center, such as sites, network devices, clients, applications, policies, settings, tags, menu items, and more.
|
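Several Note lines in the table above make a task depend on a permission held under a different capability, which is easy to miss when building a least-privilege custom role. The Python check below is an added example, not Cisco code: the role dictionaries are constructed (not a Catalyst Center export format), unlisted capabilities are treated as Deny, and the level at which each rule triggers is an assumption wherever the Note names only a task.

```python
LEVEL = {"Deny": 0, "Read": 1, "Write": 2}

# (capability, level held, required capability, required level, task from the Note)
# "level held" is an assumption wherever the Note names only a task.
RULES = [
    ("Monitoring Settings", "Read", "Monitoring and Troubleshooting", "Read",
     "use Monitoring Settings"),
    ("Troubleshooting Tools", "Read", "Monitoring and Troubleshooting", "Read",
     "use Troubleshooting Tools"),
    ("EoX", "Read", "Compliance", "Read", "view EoX scans"),
    ("EoX", "Write", "Compliance", "Write", "run EoX scans"),
    ("Network Telemetry", "Write", "Provision", "Write",
     "enable or disable application telemetry"),
    ("Network Profiles", "Write", "Network Settings", "Write", "create SSIDs"),
    ("Network Settings", "Write", "Network Profiles", "Write",
     "create wireless profiles"),
    ("Network Settings", "Write", "Network Hierarchy", "Write",
     "assign a CMX server to a site, building, or floor"),
    ("Advanced Network Settings", "Write", "Network Settings", "Write",
     "export the device inventory and its credentials"),
]

def level(role, capability):
    """Numeric permission level; a capability not listed counts as Deny (assumption)."""
    return LEVEL[role.get(capability, "Deny")]

def unmet_prerequisites(role):
    """Return (task, missing permission) pairs for tasks the role cannot complete."""
    findings = []
    for cap, held, needs, needed, task in RULES:
        if level(role, cap) >= LEVEL[held] and level(role, needs) < LEVEL[needed]:
            findings.append((task, f"{needed} on {needs}"))
    return findings

def can_export_credentials(role):
    """True when the role holds Write on both capabilities tied to credential export.
    Requiring Write on Advanced Network Settings itself is an assumption."""
    return (level(role, "Advanced Network Settings") == LEVEL["Write"]
            and level(role, "Network Settings") == LEVEL["Write"])

# Constructed sample roles for illustration.
HELPDESK = {"Monitoring Settings": "Write", "EoX": "Write", "Compliance": "Read"}
WIRELESS_ADMIN = {"Network Profiles": "Write", "Network Settings": "Write",
                  "Network Hierarchy": "Read", "Advanced Network Settings": "Write"}

if __name__ == "__main__":
    for name, role in (("HELPDESK", HELPDESK), ("WIRELESS_ADMIN", WIRELESS_ADMIN)):
        print(name, unmet_prerequisites(role), can_export_credentials(role))
```

Reviewing `can_export_credentials` across all custom roles shows which accounts can pull device credentials out of the controller, a capability worth restricting and watching in the Audit Log.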