Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2637
Views
0
Helpful
3
Replies

Change Switch Enable Password with PI 2.2

Go to solution
BlueyVIII
Level 1
Level 1

‎05-18-2015 10:58 AM

Due to a recent security audit I'm looking to change the enable password on all our Access Layer Switches. (Around 150 switches of different models from 35xx to 3750's).

 

Before I do this I have a couple of questions that I can't find an answer to :-

 

1. Is there an existing template to do this or should I just create a CLI Template with the relevant command and deploy to the relevant switches?

2. When the job runs will it automatically update the Device Settings for the affected switches in Prime Infrastructure or will I need to manually re-configure the device settings for each one. I guess it would be quicker to delete and then import all the switches with the new password setting but this would mean I'd loose all the historic information (config archive, etc) for each device.

Any advise or things to be wary of will be very gratefully received! :)

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Eric Scott
Cisco Employee
Cisco Employee

‎05-21-2015 01:16 PM

Hi Bluey,

Yes, there is a prefab template in PI 2.2 for enable password.  Navigate to [Configuration > Templates > Features &  Technologies > CLI Templates > System Templates - CLI > Enable Password-IOS].  When you deploy it to the switches, change to form view and fill out all of the fields.  This will populate the template with your desired password and security level.

Once the template is deployed to the devices, Device Work Center will not automatically be updated with the new enable password.  The easiest way to update the credentials in PI is to do a bulk export from Device Work Center, open the file in Excel, edit the enable password column, save, and use bulk import feature in PI to upload the csv file back into PI.  Before you do the bulk export, you can filter Device Work Center for only the access layer switches to reduce the size of the csv file.

-Eric

View solution in original post

0 Helpful
3 Replies 3

Go to solution
BlueyVIII
Level 1
Level 1

‎05-20-2015 11:57 AM

Has anyone got experience changing switch enable passwords using PI 2.2?? Is there a better way to do it?

 

0 Helpful

Go to solution
Eric Scott
Cisco Employee
Cisco Employee

‎05-21-2015 01:16 PM

Hi Bluey,

Yes, there is a prefab template in PI 2.2 for enable password.  Navigate to [Configuration > Templates > Features &  Technologies > CLI Templates > System Templates - CLI > Enable Password-IOS].  When you deploy it to the switches, change to form view and fill out all of the fields.  This will populate the template with your desired password and security level.

Once the template is deployed to the devices, Device Work Center will not automatically be updated with the new enable password.  The easiest way to update the credentials in PI is to do a bulk export from Device Work Center, open the file in Excel, edit the enable password column, save, and use bulk import feature in PI to upload the csv file back into PI.  Before you do the bulk export, you can filter Device Work Center for only the access layer switches to reduce the size of the csv file.

-Eric

0 Helpful

Go to solution
BlueyVIII
Level 1
Level 1
In response to Eric Scott

‎05-26-2015 05:34 AM

Thanks Eric, I suspected that would be the case so will continue and export/import the devices into Work Centre once the password is changed.

 

Hopefully someone from the P.I development team will see this and build a feature to automatically update the Device Crendentials in a future release (Cisco Works used to do this!)  :) 

0 Helpful
Customers Also Viewed These Support Documents
Top