RBAC

In this section, you will configure Role-Based Access Control (RBAC) on the Nexus Dashboard. RBAC enables user access based on roles defined within the configuration. These roles govern permissions for both local and external authentication and can be applied to the Nexus Dashboard itself, its integrated services, or both.

Identical roles may also be configured on a remote authentication server, which can subsequently authenticate Nexus Dashboard users. In this lab, Cisco Identity Services Engine (ISE) will be utilized as the security policy management platform, providing secure access control for the Nexus Dashboard.

Step 1 - RBAC Configuration - nd05-1

  1. Click Admin in the left navigation bar
  2. Click Users and Security


  3. Click Authentication
  4. Click Create login domain


  5. Name: cl-ise
  6. Realm: Select TACACS+
  7. Click Add Provider


  8. Hostname/IP address: 10.3.0.10
  9. Key: cisco.123
  10. Confirm Key: cisco.123
  11. Username: pod5u1
  12. Password: cisco.123
  13. Click Save


  14. Click Save


Step 2 - Setup Default Authentication - nd05-1

To streamline the login process for subsequent sessions, this step sets the Default Login Domain Authentication to cl-ise, the TACACS+ login domain created in Step 1.

  1. Click: Edit
  2. Select: cl-ise
  3. Click: Save

After you click Save, ND returns you to the Users and Security page, which should now display the correct default authentication method.

Step 3 - Verify RBAC - nd05-1

Having configured Role-Based Access Control (RBAC) services on nd05-1, the next step is to validate its functionality. To verify this configuration, log out of nd05-1 and log back in using the appropriate credentials.

  1. Click Admin in the top right corner of the page
  2. Click Logout

  3. User Name: pod5u1
  4. Password: cisco.123
  5. Login Domain: cl-ise
  6. Click Login

Upon successful login, your username, pod5u1, will be displayed in the user interface.

Please continue to the next section.