Cisco ACI

To use a Cisco ACI management station, complete the following steps.

Step 1: Configure the Device

FireMon strives to provide up-to-date product information, however we are not always aware when vendors change their device UI. If any Configure the Device procedure differs from your device version (UI location of fields, not information needed), please consult your device's user guide.

  • Add an administrator user account. Write down the user name and password. You will need this information for a later step in the Administration module.
    1. Log on to the ACI to create a local user.
    2. User Identity: complete the necessary fields to setup the account.
    3. Click Next.
    4. Security: Select all for the Security Domain.
    5. Click Next.
    6. Roles: Select admin for Role Name and Read for Role Privilege Type.
    7. Click Finish.

Step 2: Onboard the Device in the Administration Module

  1. On the toolbar, click Device > Management Stations.
  2. Click Create, and then click Cisco > ACI.
  1. General Properties section.
  1. In the Name box, type the name of the device as you want to see it in SIP.
  2. In the Description box, type an optional description of the device being added.
  3. In the Management IP Address box, type the IP address of the device.
  4. In the Data Collector Group box, select the IP address of the data collector group that will collect data from this device.
  5. In the Central Syslog Server box, select the syslog server from the list (optional).

Syslog fields are optional if the device uses the same IP for syslog and management.
A central syslog server is required only if syslog messages come from a different IP. A central syslog server must be created before it can be assigned to a device. To track usage via syslog, the device must support Level 3+.

  1. In the Syslog Match Names box, type the syslog match names (optional). You can enter multiple names separated by a comma.
  2. By default, the Automatically Retrieve Configuration check box is selected.
  3. In the External ID box, type a unique identifier to be used when the device identifier is different than what is displayed in SIP.
  1. For Collection Configuration, enable Update Rule Documentation on Member Devices to allow Rule Documentation fields on member devices to inherit a value from the management station. Any management stations Rule Documentation field updates will override updates on the member device. A rule marked to be removed will not be updated.
  1. Device Settings section.
    1. In the API Domain box, type the fully qualified domain name, not the URL.
    2. In the Device Domain box, type the login domain for the Cisco ACI. This setting should only be set if a domain must be specified for the user to login via the Cisco ACI GUI.
  1. In the User Name box, type the user name used for the account created in Step 1.
  1. In the Password box, type the password used for the account created in Step 1.
  1. In the Re-enter Password box, retype the password entered above.
  1. Monitoring section.

Change Monitoring

  • Select the Enable Check for Change check box to enable checking for configuration changes after the specified interval, and perform a retrieval is changes are detected.
    • Enter an optional Alternate Syslog Source IP.
  • Select the Perform Change Verification check box to allow the data collector to verify there are actual changes prior to posting a revision to Security Manager. This will enable more efficient use of disk space by not posting revisions that did not change from the last normalized revision.
  1. Retrieval section.

Scheduled Retrieval

Select the Enable Scheduled Retrieval check box to perform a retrieval at a set time regardless of change detection. This will activate additional fields to complete.

  • Set the Scheduled Retrieval Time to fit your requirements.

  • Select the Scheduled Retrieval Time Zone from the list.

Check for Change Retrieval

Select the Enable Check for Change check box to check for configuration changes after the specified interval and perform a retrieval if changes are detected. This will activate an additional field to complete.

  • The default Check for Change Interval time is 1440 minutes (every 24 hours). You can change the check interval time to best fit your requirements. The minimum required interval is 60 minutes (1 hour).

  1. Advanced section.
    • Select the Use Batch Config Retrieval check box only if you are manually sending configurations for this device using your data collector's batchconfig directory. When enabled, online retrievals will be disabled. If enabled, the Management IP Address must be populated.
    • Enter a time in seconds in the Configuration Retrieval Timeout box to set how long to wait before a system timeout during a retrieval. The default time is 120 seconds.
  1. Click Save.
    Devices being managed will be listed in the Discovered Devices section.