Administrative Tasks
This chapter contains the following sections:
About AAA Servers
AAA enables the security appliance to determine who the user is (authentication), what the user can do (authorization), and what the user did (accounting). Cisco XNC uses Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access-Control System Plus (TACACS+) to communicate with a AAA server.
Remote authentication and authorization is supported using the AAA server. For each user to be authenticated, Cisco XNC uses both the login credentials and an attribute-value (AV) pair that assigns the authorized role for the user is configured as part of the user administration. After successful authentication, the Cisco AV pair is returned to Cisco XNC for resource access authorization.
- Adding an AAA Server
- Configuring User Authentication for RADIUS Server
- Viewing a AAA Server
- Deleting a AAA Server
Adding an AAA Server
What to Do Next
If you chose RADIUS as the protocol for the AAA server, you need to configure user authentication for RADIUS.
Configuring User Authentication for RADIUS Server
User authorization on a RADIUS server must conform to the Cisco Attribute-Value (av-pair) format.
shell:roles="Network-Admin Slice-Admin" |
Viewing a AAA Server
Deleting a AAA Server
Users and Roles
Cisco XNC uses users and roles to manage user access. You can assign more than one role to a user. This can be one of the following:
- Network Administrator—Provides full administrative privileges to all Cisco XNC applications.
- Network Operator—Provides read-only privileges to the specified Cisco XNC applications.
- Application User—Provides privileges that are defined in the specified application.
- Slice User—Provides access to a specified slice.
Each user is assigned a role, which determines the permissions that they have. Slice users are assigned to both a role and a slice. The Admin user with the Network Administrator role is created by default when you install Cisco XNC.
Viewing User Information
Adding a User
After creating a user, you can change the password, but you cannot change the roles assigned to the user.
Step 1 | On the Admin drop-down list, choose Users. | ||||||||||||||||
Step 2 | In the User Management dialog box, click Add User. | ||||||||||||||||
Step 3 | In the
Add
User dialog box, complete the following fields:
| ||||||||||||||||
Step 4 | Click Add User. | ||||||||||||||||
Step 5 | In the User Management dialog box, click Close. |
Changing the Password for an Existing User
Step 1 | On the Admin drop-down list, choose Users. |
Step 2 | In the User Management dialog box, click on the user that you want to modify. |
Step 3 | In the Edit User dialog box, click Change Password. |
Step 4 | In the Change Password dialog box, enter the new password and then enter it a second time to verify. |
Step 5 | Click Submit. |
Step 6 | In the User Management dialog box, click Close. |
Deleting a User
If you are signed in as a particular user, you cannot delete that user.
Viewing Cluster Management Information
Note | The cluster management dialog boxes are read-only. |
You must have configured high availability clustering in order to view the cluster management information. See the Cisco Extensible Network Controller Deployment Guide.
Step 1 | On the
Admin drop-down list, choose
Clusters.
The Cluster Management dialog box lists the IP addresses of all of the Cisco XNC instances in the cluster. Clusters can be denoted by one of the following icons: |
Step 2 | In the
Cluster
Management dialog box, choose a cluster.
The Connected Nodes dialog box lists all of the nodes in the selected cluster. |
Step 3 | In the Connected Nodes dialog box, click Close. |
Step 4 | In the Cluster Management dialog box, click Close. |
Viewing the OSGi Console
You can view all of Cisco XNC bundles that comprise the application by viewing the OSGi Web Console.
Note | This procedure does not provide a step-by-step guide to everything you can do in the OSGi Web Console for Cisco XNC Bundles. It a brief procedure that guides you in opening the OSGi Web Console and viewing Cisco XNC bundle information. |
Step 1 | On the Cisco XNC menu bar, click Admin and select OSGi. A new browser tab opens. |
Step 2 | Enter your User Name and Password, then press Enter. The Cisco XNC Bundles list is displayed. In this page you can view all of the active packages, filter on the package name to specify bundle names, and complete other tasks. |
Step 3 | When you are finished viewing the Cisco XNC Bundles, close the browser tab. |