If I create a custom admin role, even though role shows a rule permitting changeto, I can't actually use changeto context command. Only works with default roles. Is this as expected behaviour for custom roles. even if same custom role is creaetd in each context?
This was not possible on earlier code releases, but was added as an enhancement beginning with the following software releases:
ACE Module: A2(1.3)
ACE 4710: A3(2.2)
Hopefully you are running software prior to those two releases so you can resolve your issue with an upgrade. If you are already running software at those releases or later, then you may have hit a bug.
I just want to make sure I'm clear on what you're doing. I'm a little confused with the part of your statement "even if same custom role is creaetd in each context?".
Keep in mind that the changeto command will only be allowed if you logged in as an user with admin privileges in the Admin context. Below is taken from the command reference:
Only users authorized in the admin context can use the changeto command to navigate between the various contexts. Context administrators, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.
Are you saying that you are logging into the Admin context as a user that is a member of a custom admin role? If you are logging into the Admin context, then you should be able to use the changeto command. If you are logging in as an admin role in a user context, then you cannot use this command.
I was trying to create a new Admin Role in the Admin context. If I use the command 'rule 1 pemit create' and then show role 'my new admin role', it seems to indicate I have changeto available in that role, but it doesn't work. I assumed that the same role would also have to exist in the other contexts for the changeto to work.
Its no big deal, we will use the default Admin Role instead. Thanks for your guidance.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...