Deploy AAA server to login Collector

Jerry.Lv2016 · ‎05-16-2016

Hi Support-team

We are now using the local account to login the collector and I wonder that if the collector support AAA both SSH and HTTPS?

We want to use AAA accounts to login the collector due to we have many user need to login and manager it.

Thanks.

Lynden Price · ‎05-17-2016

Hi Jerry,

In the CSPC GUI, under Administration > Manage Remote Authentication you will see an option to add your server. Then go to Administration > Manage Users and set the users up as "remote". You have an option to test the connectivity to the server and you can also test by logging out and logging in as one of your configured users.

Thanks,

Lynden

Jerry.Lv2016 · ‎05-22-2016

Thanks Lynden

1.I tried to to set in GUI,but fail,see the attachment.

What should the parameters be filled in ?Do you have any documentation or guides about it ?

2.Another question,all the settings above are on Client side,but we also need to set on Server side,like authenticate and authorize,right?So that the server can trust the client and assign permission. Do you have documentation or guides of this？

Thank you.

Lynden Price · ‎05-23-2016

Hi Jerry,

1. You'll need to get those parameters from your network admin who set up the remote authentication on your network.

2. To test the log in, you'll use your network log in information that you use for work.

Thanks,

Lynden

Jerry.Lv2016 · ‎05-23-2016

Yes,Lynden. I think that maybe I made wrong description. I know that these parameters should get from my network.

When we set AAA on network devices,we need to set on both Client side and Server side.Likely we also need to do some settings on both collector and AAA server to make them trust each other and exchange data,right?I just wonder what should we do on the AAA server side?Could you please give propose or is there have documentations or guides?

Thank you so much

Lynden Price · ‎05-24-2016

Hi Jerry,

I think I understand you. You're asking how to enable the SSH login for the specific devices?

Under Device Credentials, if you create a new credential, you can select SSHv2 as the protocol and then input the configured username and password. I've attached a document showing how to do this.

Thanks,

Lynden

Jerry.Lv2016 · ‎05-30-2016

Hi Lynden

Thank you for your documentation.

The credentials we used to login the Collector now are local, we have to share the same credential among my team. Therefore, we can't know the real user once there has someone login and change configuration on the Collector.

I want to set up AAA configurations on the Collector,so that all the members of my team can login the Collector using their own AAA account via both SSH and HTTPS. So I just wonder if this can be implemented and how to do?

Can you help me?

Lynden Price · ‎05-31-2016

Hi Jerry,

That functionality is not available for the CSPC GUI. You will need to set up the individual access by creating a new user for each login.

Thanks,

Lynden

Jerry.Lv2016 · ‎06-01-2016

You mean that we can't set up AAA service for CSPC GUI?

But the CSPC was separated into two part with different information,GUI and SSH,right?

So except GUI,we also can manage the CSPC via SSH connection,if we can set up AAA service for login CSPC via SSH?

Thanks a lot.

Lynden Price · ‎06-01-2016

Hi Jerry,

That is correct. When you set up the collector, you created a "collectorlogin" and "root" password. You can SSH in as collectorlogin to access the CentOS of the VM. Then you can set up remote authentication there for SSH.

-Lynden