Beginner

Cisco MDS admin password reset automation

Can anyone suggest a script to automate Cisco MDS admin password reset?

Thank you!

7 REPLIES
Cisco Employee

Re: Cisco MDS integration with CyberArk

The overall MDS security guide is published at https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/8_x/config/security/cisco_mds9000_security_config_guide_8x.html

What are CyberArk's requirements? Can they interface with DCNM?

I didn't see a whole lot published in terms of specific platforms/end devices.

It may be that it will take enough customers contacting CyberArk for them to approach Cisco about collaborative development of some sort of plugin.

If you have equipment that has a support contract, please open a case, so they can log your request and interest in this type of solution.

 

Kirk...

Beginner

Re: Cisco MDS integration with CyberArk

Hi Kirk,

 

Thanks for the reply. My goal is to automate admin password reset. We have more than 100 SAN switches. Logging in to each one and changing the password is too hectic. FYI, we are using RADIUS for authentication. Any script that I can start with will be very helpful.

 

Thank you.

Rising star

Re: Cisco MDS admin password reset automation

Hi,

Just to understand your question correctly: you do not have the admin password anymore, and you would like to do password recovery on 200+ switches, correct? If yes, then the problem with automating this process is getting the switches into the (boot)# prompt. I am not aware of any way to send a break cmd to all switches at the same time.

 

Regards,

Sergiu

Beginner

Re: Cisco MDS admin password reset automation

Hi Sergiu,

 

I do have the admin password; however, every 3 months, for security reasons, we have to change this password manually. I am looking for any script that I can use to automate this process. Kindly let me know if you know of any.

 

Thank you!

Rising star

Re: Cisco MDS admin password reset automation

In that case, my friend, the password change can be done very nicely and smoothly using NXAPI. Initially, I thought you were looking to do password recovery on multiple switches, idk why.

Anyway, coming back to your question, you need to do the following:

 

1. Enable NXAPI:

switch# configure terminal
switch(config)# feature nxapi

2. Using the programming language of your choice, or why not POSTMAN, you can simply send a JSON request.

Here is an example of how to use Python.

import json
import requests

"""
This is an example for 2 IP addresses, but you can add more.
"""
list_of_mgmt_ip=['IP-address1', 'IP-address2']
for IP in list_of_mgmt_ip:
    url='http://{}/ins'.format(IP)
    # NX-API uses HTTP basic auth with the current admin credentials
    switchuser='admin'
    switchpassword='<admin-password>'

    myheaders={'content-type':'application/json'}
    # "cli_conf" runs the "input" string as a configuration command
    payload={
      "ins_api":{
        "version": "1.2",
        "type": "cli_conf",
        "chunk": "0",
        "sid": "1",
        "input": "username admin password new-password",
        "output_format": "json"
      }
    }

    response = requests.post(url,data=json.dumps(payload), headers=myheaders,auth=(switchuser,switchpassword)).json()
    print(response)

3. Enjoy

 

Let me know if you have any questions.

Cheers,

Sergiu
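An added example, not code from any poster in this thread: the same NX-API request as a rotation routine that sets a different random password on each switch, sends it over HTTPS with certificate verification, and records which switches confirmed the change. It uses the standard library's urllib instead of requests. Assumptions: NX-API answers on https://<ip>/ins with a certificate the management host trusts, and the reply reports a per-command result under ins_api.outputs.output.code; all function names are hypothetical.

```python
import base64, json, secrets, ssl, string, urllib.request

ALPHABET = string.ascii_letters + string.digits  # cannot break the CLI line

def new_password(length=24):
    """Random per-switch password, so one leaked value does not expose the fleet."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def build_payload(user, new_pw):
    """Same ins_api request body as in the post, with the command filled in."""
    return {"ins_api": {"version": "1.2", "type": "cli_conf", "chunk": "0",
                        "sid": "1", "output_format": "json",
                        "input": f"username {user} password {new_pw}"}}

def https_post(url, body, user, password, timeout=10):
    """POST JSON with basic auth over TLS; the default context verifies the cert."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, data=json.dumps(body).encode(), headers={
        "content-type": "application/json", "Authorization": f"Basic {token}"})
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp)

def succeeded(reply):
    """True only if every command result carries code 200 (assumed reply shape)."""
    try:
        out = reply["ins_api"]["outputs"]["output"]
    except (KeyError, TypeError):
        return False
    results = out if isinstance(out, list) else [out]
    return bool(results) and all(
        isinstance(r, dict) and str(r.get("code")) == "200" for r in results)

def rotate(switches, user, current_pw, post=https_post):
    """Return (changed, rejected, unknown). unknown keeps the candidate password:
    a reply lost after sending may mean the switch already applied it."""
    changed, rejected, unknown = {}, [], {}
    for ip in switches:
        pw = new_password()
        try:
            reply = post(f"https://{ip}/ins", build_payload(user, pw), user, current_pw)
        except Exception:  # timeout, TLS failure, HTTP error, malformed reply
            unknown[ip] = pw
            continue
        if succeeded(reply):
            changed[ip] = pw
        else:
            rejected.append(ip)
    return changed, rejected, unknown
```

Store `changed` and `unknown` directly in the password vault rather than printing them; for any switch in `unknown`, test both the old and the candidate password before retrying.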

 

Beginner

Re: Cisco MDS admin password reset automation

Thank you Sergiu. 

Sorry, I am new to scripting. Can this be run on a management host (Windows/Linux), directly on the switch, or somewhere else?

 

Thanks!

Rising star

Re: Cisco MDS admin password reset automation

This should be run from a mgmt machine where you have Python installed.

Regards,

Sergiu
