Implementing Cisco Application Centric Infrastructure (DCACI) — Question 318

A retail company must configure an RBAC policy for Cisco ACI that allows its users to perform these tasks:
• View the status of the switches in the fabric and replace any switch from the fabric, but not allow the user to access any information about services configured on any ports.
• Create or modify any VLAN pool but not allow the user to associate it to a physical or external domain or change any existing associations.

Which set of privileges must be included in a custom RBAC role to accomplish these tasks?

Answer options

• A. access-equipment fabric-connectivity
• B. access-protocol access-equipment
• C. fabric-equipment access-connectivity
• D. tenant-connectivity fabric-protocol

Correct answer: C

Explanation

The correct answer is C, as 'fabric-equipment' allows viewing and replacing switches in the fabric, and 'access-connectivity' enables modification of VLAN pools without allowing association changes. Options A and B do not include the necessary privileges for VLAN pool modifications, while D focuses on tenant connectivity, which is not relevant to the tasks described.