Prerequisites for Configuration
The following topics discuss prerequisite tasks you must complete before configuring the ACI Endpoint Update App.
Configure the Management Center Domains and Subdomains
This section applies to management center devices only. ASA devices don't have domains.
Data in one APIC tenant is pushed and merged to one particular management center domain that you configure. APIC does not modify or delete objects in any other management center domain. Note that objects defined in a domain are visible and usable in a management center's subdomains, which can be a way to share an object across subdomains.
For more information about domains, see the chapter on domain management in the Cisco Secure Firewall Management Center Configuration Guide.
Create domains and subdomains
Before you continue, make sure you have created all users, domains, and subdomains on the management center. Subdomain users must be created in the correct domain (System () . If necessary, click Add Domain to add the user to the desired domain.)
To create a domain on the management center:
- Log in to the management center.
- Click System () .
- Enter the required information.
- Click Save.
- Click Save.
Examples
When you create a device in the ACI Endpoint Update App:
- Enter a username only to push and merge the configuration to the default Global domain on the management center.
- In the FMC Domain Name field, enter a domain in the format domain1 \domain2 to get dynamic data from the tenant, access the management center, and update the objects of the subdomain named domain1 \domain2 of the Global domain.
- In the FMC Username field, enter the username of a user with privileges to update objects in the management center.
For example, to push the APIC configuration for a tenant named ExampleTenant to the Global \ domain1 \ domain2 domain on a management center with IP address 192.0.2.25 as a user named SampleUser:
- Log in to APIC.
- Click .
- Under management center Endpoint Update, click Open.
- Click (Config Devices) > Add Device > FMC.
- Add the device as discussed in Configure the ACI Endpoint Update App; the following figure shows an example of adding a management center.
- Add the following row to the table.
Create Users for the ACI Endpoint Update App
You must create one dedicated management center user for the ACI Endpoint Update App to update network object and dynamic object configuration:
- The dedicated user is exclusively for the ACI Endpoint Update App to update the network object and dynamic object configuration.
- In addition, you must have a second administrative user that can be shared between the ACI Endpoint Update App and other management center functions. (This can be an existing user or a new user.)
Each management center user must have the Administrator role. Each ASA user must have privilege level 15. Two users are necessary to avoid the ACI Endpoint Update App logging out the administrator unexpectedly.
The task that follows discusses how to create users on the management center only. To create ASA users, see the Cisco ASA Series General Operations ASDM Configuration Guide.
Procedure
Step 1 | Log in to the management center if you haven't done so already.
Step 2 | Click .
Step 3 | Click Create User.
Step 4 | Under User Role Configuration, check Administrator.
Step 5 | (Optional.) Click Add Domain to give the user access to a particular domain. Both management center users must be administrators in the same domains.
Step 6 | Enter the other information required to configure the user; consult the online help for assistance.