Hi Community,
I want to share how to get CVP (CloudVision Portal) running with CPPM (6.7) over the TACACS+ service. Normally you get the network-operator role if you authenticate successfully. If you need the network-admin cvp-role, you need to follow these steps:
Pre-config:
You have CVP configured with a shared secret to CPPM.
Now, create a TACACS+ dictionary "add-on" to the shell.
Go to Administration -> Dictionaries -> TACACS+ Services. Mark the "shell" and export the XML.
Add the following line
<ServiceAttribute allowedValuesCsv="network-admin" dataType="String" dispName="cvp-roles" name="cvp-roles"/>
above the last one:
</TacacsServiceDictionary>
</TacacsServiceDictionaries>
</TipsContents>
so it looks like:
...truncated...
<ServiceAttribute allowedValuesCsv="network-admin" dataType="String" dispName="cvp-roles" name="cvp-roles"/>
</TacacsServiceDictionary>
</TacacsServiceDictionaries>
</TipsContents>
at the end.
Import that XML again and make sure CPPM got it. Then create a TACACS+ enforcement profile that looks like this:
Be careful that you use REPLACE, otherwise it will be the default operator.
Add this enforcement to your TACACS+ service or create a new one only for CVP.
I hope this helps. If you want to extend the system with more roles, you have to add more XML lines, each one for a new role that matches the CVP role.
Thanks to Aruba/Arista TAC.
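The XML edit described above can be scripted so the exported dictionary is patched the same way each time. This is an added example, not part of the original post or any Aruba/Arista tooling: the function names and the SAMPLE export (including its name="shell" attribute and the existing-attr entry) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

CLOSE_TAG = "</TacacsServiceDictionary>"

# Constructed stand-in for the exported "shell" dictionary (not a real export).
SAMPLE = """<TipsContents>
<TacacsServiceDictionaries>
<TacacsServiceDictionary name="shell">
<ServiceAttribute dataType="String" dispName="existing-attr" name="existing-attr"/>
</TacacsServiceDictionary>
</TacacsServiceDictionaries>
</TipsContents>
"""

def local(tag):
    """Strip an XML namespace prefix, in case the export carries one."""
    return tag.rsplit("}", 1)[-1]

def has_role(xml_text, role):
    """True if a cvp-roles ServiceAttribute already allows `role`."""
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "ServiceAttribute" and el.get("name") == "cvp-roles":
            if role in el.get("allowedValuesCsv", "").split(","):
                return True
    return False

def add_cvp_role(xml_text, role="network-admin"):
    """Insert the cvp-roles line above the last </TacacsServiceDictionary>."""
    # Refuse anything that could break out of the attribute value.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", role):
        raise ValueError("unexpected characters in role name")
    if has_role(xml_text, role):
        return xml_text  # already present: importing twice changes nothing
    pos = xml_text.rfind(CLOSE_TAG)
    if pos < 0:
        raise ValueError("no TacacsServiceDictionary element in export")
    line = ('<ServiceAttribute allowedValuesCsv="%s" dataType="String" '
            'dispName="cvp-roles" name="cvp-roles"/>\n' % role)
    patched = xml_text[:pos] + line + xml_text[pos:]
    ET.fromstring(patched)  # raises ParseError if the result is malformed
    return patched

if __name__ == "__main__":
    print(add_cvp_role(SAMPLE))
```

Everything outside the inserted line is left byte for byte as exported, so a diff of the file before import shows exactly which role values the dictionary will allow.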