| aaa | Used for configuring authentication, authorization, accounting and import/export policies. |
| access-connectivity-l1 | Used for Layer 1 configuration under infra. Example: selectors and port Layer 1 policy configurations. |
| access-connectivity-l2 | Used for Layer 2 configuration under infra. Example: Encap configurations on selectors, and attachable entity. |
| access-connectivity-l3 | Used for Layer 3 configuration under infra and static route configurations under a tenant's L3Out. |
| access-connectivity-mgmt | Used for management infra policies. |
| access-connectivity-util | Used for tenant ERSPAN policies. |
| access-equipment | Used for access port configuration. |
| access-protocol-l1 | Used for Layer 1 protocol configurations under infra. |
| access-protocol-l2 | Used for Layer 2 protocol configurations under infra. |
| access-protocol-l3 | Used for Layer 3 protocol configurations under infra. |
| access-protocol-mgmt | Used for fabric-wide policies for NTP, SNMP, DNS, and image management. |
| access-protocol-ops | Used for operations-related access policies such as cluster policy and firmware policies. |
| access-qos | Used for changing CoPP and QoS-related policies. |
| fabric-connectivity-l1 | Used for Layer 1 configuration under the fabric. Example: selectors and port Layer 1 policy and vPC protection. |
| fabric-connectivity-l2 | Used in firmware and deployment policies for raising warnings for estimating policy deployment impact. |
| fabric-connectivity-l3 | Used for Layer 3 configuration under the fabric. Example: Fabric IPv4, IPv6, and MAC protection groups. |
| fabric-connectivity-mgmt | Used for atomic counter and diagnostic policies on leaf switches and spine switches. |
| fabric-connectivity-util | Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches. |
| fabric-equipment | Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches. |
| fabric-protocol-l1 | Used for Layer 1 protocol configurations under the fabric. |
| fabric-protocol-l2 | Used for Layer 2 protocol configurations under the fabric. |
| fabric-protocol-l3 | Used for Layer 3 protocol configurations under the fabric. |
| fabric-protocol-mgmt | Used for fabric-wide policies for NTP, SNMP, DNS, and image management. |
| fabric-protocol-ops | Used for ERSPAN and health score policies. |
| fabric-protocol-util | Used for firmware management traceroute and endpoint tracking policies. |
| nw-svc-device | Used for managing Layer 4 to Layer 7 service devices. |
| nw-svc-devshare | Used for managing shared Layer 4 to Layer 7 service devices. |
| nw-svc-params | Used for managing Layer 4 to Layer 7 service policies. |
| nw-svc-policy | Used for managing Layer 4 to Layer 7 network service orchestration. |
| ops | Used for viewing the policies configured including troubleshooting policies. Note: The ops role cannot be used for creating new monitoring and troubleshooting policies. Those policies need to be created by using the admin privilege, just like any other configurations in the Cisco APIC. |
| tenant-connectivity-util | Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches. |
| tenant-connectivity-l2 | Used for Layer 2 connectivity changes, including bridge domains and subnets. |
| tenant-connectivity-l3 | Used for Layer 3 connectivity changes, including VRFs. |
| tenant-connectivity-mgmt | Used for tenant in-band and out-of-band management connectivity configurations and for debugging/monitoring policies such as atomic counters and health score. |
| tenant-epg | Used for managing tenant configurations such as deleting/creating endpoint groups, VRFs, and bridge domains. |
| tenant-ext-connectivity-l1 | Used for write access firmware policies. |
| tenant-ext-connectivity-l2 | Used for managing tenant L2Out configurations. |
| tenant-ext-connectivity-l3 | Used for managing tenant L3Out configurations. |
| tenant-ext-connectivity-mgmt | Used as write access for firmware policies. |
| tenant-ext-connectivity-util | Used for debugging/monitoring/observer policies such as traceroute, ping, oam, and eptrk. |
| tenant-ext-protocol-l1 | Used for managing tenant external Layer 1 protocols. Generally only used for write access for firmware policies. |
| tenant-ext-protocol-l2 | Used for managing tenant external Layer 2 protocols. Generally only used for write access for firmware policies. |
| tenant-ext-protocol-l3 | Used for managing tenant external Layer 3 protocols such as BGP, OSPF, PIM, and IGMP. |
| tenant-ext-protocol-mgmt | Used as write access for firmware policies. |
| tenant-ext-protocol-util | Used for debugging/monitoring/observer policies such as traceroute, ping, oam, and eptrk. |
| tenant-network-profile | Used for managing tenant configurations, such as deleting and creating network profiles, and deleting and creating endpoint groups. |
| tenant-protocol-l1 | Used for managing configurations for Layer 1 protocols under a tenant. |
| tenant-protocol-l2 | Used for managing configurations for Layer 2 protocols under a tenant. |
| tenant-protocol-l3 | Used for managing configurations for Layer 3 protocols under a tenant. |
| tenant-protocol-mgmt | Only used as write access for firmware policies. |
| tenant-protocol-ops | Used for tenant traceroute policies. |
| tenant-QoS | Used for QoS-related configurations for a tenant. |
| tenant-security | Used for contract-related configurations for a tenant. |
| vmm-connectivity | Used to read all the objects in Cisco APIC's VMM inventory required for virtual machine connectivity. |
| vmm-ep | Used to read virtual machine and hypervisor endpoints in the Cisco APIC's VMM inventory. |
| vmm-policy | Used for managing policies for virtual machine networking. |
| vmm-protocol-ops | Not used by VMM policies. |
| vmm-security | Used for managing authentication policies for VMM, such as the username and password for VMware vCenter. |