A RADIUS user resolves its role via the Cisco AV Pair.
What object does the Cisco AV Pair resolve to?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/Security_config/b_Cisco_APIC_Security_Configuration_Guide/In the Cisco ACI (Application Centric Infrastructure) environment, the role of a RADIUS user can be determined by using the Cisco AV Pair attribute.
Cisco AV Pair (Attribute-Value Pair) is a RADIUS (Remote Authentication Dial-In User Service) attribute used to pass vendor-specific information between the RADIUS server and client. The Cisco AV Pair is used to provide additional information about the authentication or authorization process.
When a RADIUS user authenticates, the Cisco AV Pair attribute is used to pass the role information to the ACI fabric. The object that the Cisco AV Pair resolves to depends on the configuration of the ACI fabric.
The options listed in the question are:
A. Tenant: A tenant is a logical container that holds applications, endpoints, and policies. It is a part of the ACI fabric that provides a secure and isolated environment for the tenant's resources.
B. Security domain: A security domain is a collection of endpoints that share a common security policy. Security domains are used to implement security policies for groups of endpoints within a tenant.
C. Primary Cisco APIC: The primary Cisco APIC (Application Policy Infrastructure Controller) is the main controller in the ACI fabric. It is responsible for managing the ACI fabric and providing policy-based automation and orchestration for the network.
D. Managed object class: A managed object class is a type of object in the ACI fabric that can be managed and configured through the APIC GUI or API. Examples of managed object classes include tenants, applications, endpoint groups, and contracts.
The correct answer to the question depends on how the Cisco AV Pair is configured in the ACI fabric. It is possible to configure the Cisco AV Pair to resolve to any of the listed options, depending on the requirements of the environment.
In summary, the Cisco AV Pair attribute is used to pass additional information about the authentication or authorization process in the ACI fabric. The object that the Cisco AV Pair resolves to depends on the configuration of the ACI fabric, and it could be a tenant, security domain, primary Cisco APIC, or managed object class.