To enable NetworkBrain to discover a Cisco ACI network, you need to reserve an user account with the minimum privilege to read the data from your Application Policy Infrastructure Controller (APIC) and access the authorized tenants and fabric infrastructure.

Complete the following steps to double-check the configurations on your APIC server.

1.Log in to your APIC server with the admin account, and go to the Admin tab.

2.Select Security Management > Local Users in the navigation pane, and check whether the security domains that you want to discover and the corresponding role have been assigned to the user account reserved for NetworkBrain. Make sure at least the readPriv privilege has been assigned.

3.Select Security Management > Security in the navigation pane, and click the user account mentioned in step 2. In the Associated Tenants area, make sure the security domain includes all the system tenants (common, infra and mgmt) and manually created customer tenants.

4.Select Security Management > Roles in the navigation pane, and click the role mentioned in step 2. Make sure that role includes the necessary privileges.

Note: The two privileges admin and aaa are not required.