in our company we have SAN with several MDS 9509 and 9513 switches. We use a FMS 4.1 for management.
The cabling is done by a subcontractor. In future they should also do the port assignment. Enable/disable ports, change the port description.
Therfore i try to define some restricted users.
On device manager i have defined a role SAN-Port with the following rules:
permit Show *
permit Config interface
permit Exec copy
This looks ok for me.
I want to have a similar restriction in the FM client. They should use it as an entry point for their work, as i do.
But i didn't see a possibility to do that.
I can define a role in FMS, but there i can only define the scope of SAN's. When a user with such a role opens the FM client, he cannot access a device manager via right click a switch. The device manager option isn't shown.
If i define a user with a predefined role in FMS, it seems the user can do nearly everything.
So is ther a way to restrict a user like in device manager? Or can we only use the device manager?
For what you listed out as the roles and responsibilities of your contractor are, they only need CLI access. SSH preferred or Telnet. You're looking at 5 or less commands they need to know to do their end of the job.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...