02-25-2014 11:04 AM
Hi PI Experts,
Is CLI credential mandatory on Cisco Prime?
What would happen if no dedicated CLI credential were configured on Prime to access Cisco network devices?
Right now we use TACACS+ to login to Cisco switches and routers and use Radius to login to PI.
However, our security policy prevents us from either creating a AD account on AD servers or creating a local TACACS+ user account on ACS server for PI appliance.
So, when we do device discovery, if we want to use SSH/Telnet, we need to put in our own AD user credentials, then remove them after the discovery is done.
Thanks
Cedar
Solved! Go to Solution.
02-25-2014 05:03 PM
Hi Ceder,
What would happen if no dedicated CLI credential were configured on Prime to access Cisco network devices?
why Telenet credentilas are required :
Telnet Credential
you can specify the Telnet credentials during discovery so that Prime Infrastructure can collect the device configurations and fully manage the devices. If you do not specify Telnet credentials in the discovery settings, Prime Infrastructure discovers the devices but is unable to manage the device until you specify the Telnet credentials.
In case you are using SSH on your devices:
SSH Credential
For full device support via SSH, you must use SSHv2 with a 1024 bit key. You can configure SSH before running discovery.
Telnet\SSH , credentilas would be required later on as well to Fetch the config , to push any template on the device etc..
Thanks-
Afroz
[Do rate the useful post]
****Ratings Encourages Contributors ****
02-25-2014 05:03 PM
Hi Ceder,
What would happen if no dedicated CLI credential were configured on Prime to access Cisco network devices?
why Telenet credentilas are required :
Telnet Credential
you can specify the Telnet credentials during discovery so that Prime Infrastructure can collect the device configurations and fully manage the devices. If you do not specify Telnet credentials in the discovery settings, Prime Infrastructure discovers the devices but is unable to manage the device until you specify the Telnet credentials.
In case you are using SSH on your devices:
SSH Credential
For full device support via SSH, you must use SSHv2 with a 1024 bit key. You can configure SSH before running discovery.
Telnet\SSH , credentilas would be required later on as well to Fetch the config , to push any template on the device etc..
Thanks-
Afroz
[Do rate the useful post]
****Ratings Encourages Contributors ****
02-26-2014 03:11 PM
Thanks Afroz for the confirmation.
Cedar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide