The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
AAA enables the security appliance to determine who the user is (authentication), what the user can do (authorization), and what the user did (accounting). Cisco Extensible Network Controller (XNC) uses Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access-Control System Plus (TACACS+) to communicate with an AAA server.
Remote authentication and authorization is supported using the AAA server. To authenticate each user, Cisco Extensible Network Controller (XNC) uses both the login credentials and an attribute-value (AV) pair that assigns the authorized role for the user as part of the user administration. After successful authentication, the Cisco AV pair is returned to Cisco Extensible Network Controller (XNC) for resource access authorization.
If you chose RADIUS as the protocol for the AAA server, you need to configure user authentication for RADIUS.
User authorization on a RADIUS server must conform to the Cisco Attribute-Value (av-pair) format.
shell:roles="Network-Admin Slice-Admin" |
Cisco Extensible Network Controller (XNC) uses users and roles to manage user access. You can assign more than one role to a user. This can be one of the following:
Network Administrator—Provides full administrative privileges to all applications.
Network Operator—Provides read-only privileges to all applications.
Application User—Provides privileges that are defined in the specified application.
Slice User—Provides access to a specified slice.
Each user is assigned a role, which determines the permissions that they have. Slice users are assigned to both a role and a slice. The Admin user with the Network Administrator role is created by default when you install Cisco Extensible Network Controller (XNC).
After creating a user, you can change the password, but you cannot change the roles assigned to the user.
Step 1 | From the Admin drop-down list, choose Users. | ||||||||||||||||
Step 2 | In the User Management dialog box, click Add User. | ||||||||||||||||
Step 3 | In the
Add
User dialog box, complete the following fields:
| ||||||||||||||||
Step 4 | Click Add User. | ||||||||||||||||
Step 5 | In the User Management dialog box, click Close. |
Step 1 | From the Admin drop-down list, choose Users. |
Step 2 | In the User Management dialog box, click the user that you want to modify. |
Step 3 | In the Manage User dialog box, click Change Password. |
Step 4 | In the Change Password dialog box, enter the new password in the New Password and in the Verify New Password fields. |
Step 5 | Click Submit. |
Step 6 | Click Close in the Manage User dialog box. |
Step 7 | Click Close in the User Management dialog box. |
If you are signed in as a particular user, you cannot delete that user.
Note | The cluster management dialog boxes are read-only. |
You must have configured high availability clustering in order to view the cluster management information. See the Cisco Extensible Network Controller Deployment Guide.
Step 1 | From the
Admin drop-down list, choose
Clusters.
The Cluster Management dialog box lists the IP addresses of all of the Cisco Extensible Network Controller (XNC) instances in the cluster. Clusters can be denoted by one of the following icons: |
Step 2 | In the
Cluster
Management dialog box, choose a cluster.
The Connected Nodes dialog box lists all of the nodes in the selected cluster. |
Step 3 | In the Connected Nodes dialog box, click Close. |
Step 4 | In the Cluster Management dialog box, click Close. |
You can view all of Cisco Extensible Network Controller (XNC) bundles that comprise the application by viewing the OSGi Web Console.
Note | This procedure does not provide a step-by-step guide to everything you can do in the OSGi Web Console for Cisco XNC Bundles list. It guides you in opening the OSGi Web Console and viewing bundle information. |
Step 1 | From the Admin drop-down list, choose OSGi. A new browser tab opens. |
Step 2 | Enter your username and password, and then press Enter. The Cisco – XNC Bundles list is displayed. In this page you can view all of the active packages, filter on the package name to specify bundle names, and complete other tasks. |
Step 3 | When you are finished viewing the list, close the Cisco – XNC Bundles browser tab. |
You can view all of Cisco Extensible Network Controller (XNC) northbound API content for the application by opening a browser tab using the Northbound API tool (book icon) in the menu bar.
Step 1 | From the menu
bar, click the
Northbound API button.
A new browser tab (Swagger UI) is opened and the complete list of northbound API content used in Cisco XNC is displayed. From this tab, you can do the following: |
Step 2 | When you are finished viewing northbound API content, close the browser tab. |