Set Up APIC Server Access for NetBrain

To enable NetBrain to discover a Cisco ACI network, you need to reserve a user account with the minimum privilege to read the data from your Application Policy Infrastructure Controller (APIC) and access the authorized tenants and fabric infrastructure.

Complete the following steps to double-check the configurations on your APIC server.

Note: The following steps and screenshots are based on APIC version 4.1(2g) and are subject to change in higher versions.

1. Log in to your APIC server with the admin account, and go to the Admin tab.
2. Select Security Management > Local Users in the navigation pane. Check whether the security domains you want to discover and the corresponding role (admin and read-all) have been assigned to the user account reserved for NetBrain. Make sure at least the readPriv privilege has been assigned.

3. Select Security Management > Security in the navigation pane, and click the user account mentioned in step 2. In the Associated Tenants area, make sure the security domain includes all the system tenants (common, infra, and mgmt) and manually created customer tenants.
   
4. Select Security Management > Roles in the navigation pane, and check the role mentioned in step 2. Make sure that role includes the necessary privileges.
   

Note: The admin privilege is required to retrieve NCT data