Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1613
Views
135
Helpful
9
Replies

What's this new Security Tab in ACI?

Go to solution
RedNectar
VIP
VIP

‎03-03-2022 12:28 PM - edited ‎03-03-2022 01:24 PM

[Edited with correct version numbers]

I've just discovered this. Nice!

image.png

I don't remember reading about this feature in the release notes, and it is documented in the help, so it must exist!

But it wasn't there is v5.2(1)

It may have been in 5.2(2), and I didn't notice

Definitely there in 5.2(3) - but here's the catch - If I'm not logged in as username admin, I don't see anything, even if I have full admin rights

image.png

Does anyone know what's going on here?

Is this a bug?

If it is a bug, does anyone care?

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
Labels:
2 Accepted Solutions

Accepted Solutions

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎03-03-2022 05:48 PM

This was part of the 5.2(3) LLR features intended to help consolidate all security info into one place - including Contracts & ESGs. It'll display filter hit counts etc. .  Its also present under each Tenant view (the view under System is the fabric-wide view). 

 

Robert

View solution in original post

0 Helpful

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎03-03-2022 05:51 PM

And Yes (sigh) this looks like a bug that data isn't being shown for any user other than the default 'admin' account.  Local & Remote admin-level accounts don't work correctly.  I'll confirm & raise this tomorrow.

Robert

View solution in original post

9 Replies 9

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎03-03-2022 12:48 PM - edited ‎03-03-2022 12:58 PM

Hi Chris,

I just checked 5.2.2f, and the "security" tab is not there.

About the non-`admin` user inconsistency you see, all I can say is: the RBAC/roles/security domains in ACI are so chaotically implemented that I am inclined to say is a bug.

 

EDIT: Chris, you mentioned 5.3. Is this a typo (5.2.3)? I don't see 5.3 released yet.

 

Take care,

Sergiu

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to Sergiu.Daniluk

‎03-03-2022 12:50 PM

Also - non-topic related, why there are three users always giving instant helpful votes (bots?)

Go to solution
RedNectar
VIP
VIP
In response to Sergiu.Daniluk

‎03-03-2022 01:31 PM

Curious. I usually delete those as soon as the email comes, but I'll keep an eye out.  If you are logged in, have notifications enabled and someone posts, you'll see a pop-up that you can click.  Maybe some people just sit on the Cisco community forum all day waiting for my words of wisdom to flow forth....................

I'll stop deleting and see if I notice anything fishy

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to Sergiu.Daniluk

‎03-03-2022 05:30 PM

There are 3-4 User accounts using Bots.  I've warned them this week to disable them or I ban & revoke their awards (sorry) by Friday.  This isn't the first time we've seen this.

Robert

Go to solution
RedNectar
VIP
VIP
In response to Sergiu.Daniluk

‎03-03-2022 01:28 PM

@Sergiu.Daniluk ,

Keeping me honest - thanks. Edited the version numbers thanks to your pickup

I have considered that the tab MIGHT be to do with a plugin, but have only Nexus Insights Cloud Connector and Policy Viewer installed, and besides, on that screen, clicking help gives a pretty full explanation (except WHY you have to be user admin)

However, you need to know that you've made my day with the most precise explanation of RBAC I've seen:

all I can say is: the RBAC/roles/security domains in ACI are so chaotically implemented that I am inclined to say is a bug.

Oh so true!

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎03-03-2022 05:48 PM

This was part of the 5.2(3) LLR features intended to help consolidate all security info into one place - including Contracts & ESGs. It'll display filter hit counts etc. .  Its also present under each Tenant view (the view under System is the fabric-wide view). 

 

Robert

0 Helpful

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎03-03-2022 05:51 PM

And Yes (sigh) this looks like a bug that data isn't being shown for any user other than the default 'admin' account.  Local & Remote admin-level accounts don't work correctly.  I'll confirm & raise this tomorrow.

Robert

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to Robert Burns

‎03-04-2022 06:15 AM

Raised CSCwb13504 to track this.  @Chris if you could open a quick TAC case, and link it to this bug, will help prioritize this quickly.

Thanks,

Robert

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to Robert Burns

‎03-26-2022 12:14 PM

To close this loop this will be patched into 5.2(5) as well as 6.x release.

Robert

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License