cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1243
Views
5
Helpful
10
Replies

Cisco PI v2.2 Network Topology Maps

jlinkowsky
Level 4
Level 4

Good afternoon,

I have Cisco PI v2.2 installed on a VM and working fine.  I want to add my Network Topology Maps to the main dashboard for ALL users, but I can only see them when logged in as root.  How can I get a "standard" user to be able to view these topology maps?

Thanks,

John L.

10 Replies 10

Vinod Arya
Cisco Employee
Cisco Employee

Dashboards are unique to users. Each user need to set his Dashboard accordingly.

If multiple user's share a common username to login, they should be able to see the same topology map.

In case you want to allow the other users with different roles and groups, you can edit the group they belong to and add Network Topology Map to their permission.

You can see the groups and their permissions under :

Administration > Users, Roles & AAA

Roles who has access to Network Topology: The Network Topology menu will be available to users with below roles:

 

  • Admin
  • ConfigManagers
  • SystemMonitoring
  • SuperUsers
  • Root

-Thanks

Vinod

**Encourage Contributors. RATE Them**

 

 

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Vinod,

Thank you for the reply.  How do these accounts need to be setup in TACACS+

 

Thank you,

John L.

TACACS+ only serves as an (optional) Authentication server for PI.

What you're talking about is Authorization. That is setup solely on the PI server itself for the users' roles.

Marvin,

 

Then what doesn't make sense to me is that the PI user is setup as a superuser, and another is setup as an admin, and then there is the 'built in' root user.

If I login as either the superuser or admin, and goto Maps from the top menu, "Topology" isn't a choice at all.  (see attachment).

If I login as root, and goto Maps from the top menu, "Topology" is the first choice. (see attachment)

My question is how do I get admin and/or superusers to be able to see the "Topology" choice in the menu?

Thanks in advance,

John L.

 

 

All,

I fixed this issue.  It IS a TACACS+ issue that needed to have specific shell profiles configured for Admin users.  The profile includes:

task65=Network Topology

I did a 'bulk edit' and replaced all the attributes from v2.1 and used v2.2 attributes, and re-logged into ACS, and now I have the "Topology" menu item.

Thanks,

John L.

John,

That's very interesting, thanks for the update! I didn't realize it worked that way - I was relying on the (poorly) documented description.

After some digging in the PI 2.2 User Interface (Administration, Users Roles and AAA, User Groups and then Task List) I did find the list of 185 tasks for and Admin in TACACS+ (attached). Did you have to copy all of those into your TACACS server user group(s)?

Marvin,

Yes, 185 tasks had to be added.  Fortunately, I was able to do a "bulk edit" and copy/paste into the list.  Oh, and I had to use Firefox to do this, as it didn't work while using Chrome (my default browser).  

I added the tasks, and submitted on ACS, and then on ACS, logged out and back in.  Now I have topology maps listed.

However, I just opened a ticket with TAC as the Network Topology dashlet is missing on my installation.  Strange, I know.  I tried logging in as root and admin user - nothing.  I also tried classic view - just in case - nothing.

It will be interesting to see what they say about this one ;-)

Thanks,

John L.

P.S. I 100% agree - poorly documented for v2.2

I had the same issue when I migrated from 2.1 to 2.2

Had to redo the task list associated to the shell profiles on the ACS server.

 

I think for Super user the task list increased from 147 to 185 tasks.

 

Richard,

I noticed that as well.  It increased for sure. 

John L.

With PI and new generation NMS application, we don't have TACACS+ authorization settings.

TACACS+ or MSAD only works for authentication, to provide centralised user access.

Authorisation and what level of access will be granted to the user is configured by local Role Based Access control (RBAC).

So if a user is configured on TACACS/AD they will be able to login on the Prime Infrastructure but will have Help Desk user privileges. To elevate their Access level/Role you need to configure the same account on PI with higher Role.

 -Thanks

Vinod

**Encourage Contributors. RATE Them**

-Thanks Vinod **Rating Encourages contributors, and its really free. **
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: