Introduction
Given that more than one person will be administering the ACI fabric, each administrator should have their own user account. This is a necessity for certifications such as PCI-DSS, and it also makes sense from an auditing perspective.
In this chapter, we will look at how we can connect to third-party authentication sources, such as RADIUS, TACACS+, and LDAP, and how we can restrict users on a per-tenant or per-function basis.
AAA and multiple tenant support
ACI has been built with security in mind. Adding local users and connecting to external authentication services (such as RADIUS, TACACS+, and LDAP) is all very straightforward. Security is a constant theme throughout ACI--just look at contracts for an example.
Because of this focus on security, we can perform actions such as limiting the abilities of a user on a per-tenant basis and being very granular about the aspects of the fabric that they can and cannot read from or write to. The abilities of a user can be...