i want to share with you the feedback how to get CVP (Cloudvision Portal) running with CPPM (6.7) over Tacacs+ Service. Normally you get the network-operator role if you successfully authenticate. If you need the network-admin cvp-role you need to follow these steps:
You have CVP configured with shared secret to CPPM
Now, create a Tacacs Dictonary "Addon" to the shell.
Go to Administration-> Dictonarys -> Tacacs+ Services. Mark the "shell" and Export the XML.
Add the follow line
<ServiceAttribute allowedValuesCsv="network-admin" dataType="String" dispName="cvp-roles" name="cvp-roles"/>
above the last one:
so it looks like:
<ServiceAttribute allowedValuesCsv="network-admin" dataType="String" dispName="cvp-roles" name="cvp-roles"/> </TacacsServiceDictionary> </TacacsServiceDictionaries></TipsContents>
in the end.
Import those XML again and make sure CPPM got it. Then Create a Tacacs+ Enforcement Profile that looks like this:
Be careful that you use REPLACE, otherwise it will be the default operator.
Add this enforcement to you Tacacs Service or create a new one only for CVP.
Ill hope this helps. If you want to extend the system with more roles you have to add more XML Lines, each one for a new role that matches the cvp role.
Thanks to Aruba/Arista TAC.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.