
Cisco MDS admin password reset automation

brjaiswal
Level 1

Can anyone suggest a script to automate Cisco MDS admin password reset?

Thank you!

7 Replies

Kirk J
Cisco Employee

The overall MDS security guide is published at https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/8_x/config/security/cisco_mds9000_security_config_guide_8x.html

What are CyberArk's requirements? Can they interface with DCNM?

I didn't see a whole lot published in terms of specific platforms/end devices.

It may be that it will take enough customers contacting CyberArk to approach Cisco about collaborative development of some sort of plugin.

If you have equipment that has a support contract, please open a case so they can log your request and interest in this type of solution.

 

Kirk...

Hi Kirk,

 

Thanks for the reply. My goal is to automate admin password reset. We have more than 100 SAN switches. Logging in to each one and changing the password is too hectic. FYI, we are using RADIUS for authentication. Any script that I can start with will be very helpful.

 

Thank you.

Sergiu.Daniluk
VIP Alumni

Hi,

Just to understand your question correctly: you do not have the admin password anymore, and you would like to do password recovery on 200+ switches, correct? If yes, then the problem of automating this process is getting the switches into the (boot)# prompt. I am not aware of any way to send a break cmd to all switches at the same time.

 

Regards,

Sergiu

Hi Sergiu,

 

I do have the admin password; however, every 3 months, for security reasons, we have to change this password manually. I am looking for any script that I can use to automate this process. Kindly let me know if you know any.

 

Thank you!

In that case my friend, the password change can be done very nice and smooth using NXAPI. Initially, I thought you were looking to do password recovery on multiple switches, idk why.

Anyway, coming back to your question, you need to do the following:

 

1. Enable NXAPI:

switch# configure terminal
switch(config)# feature nxapi

2. Using the programming language of your choice, or why not POSTMAN, you can simply send a json request.

Here is an example on how to use Python.

import json
import requests

# This is an example for 2 IP addresses, but you can add more.
list_of_mgmt_ip = ['IP-address1', 'IP-address2']
switchuser = 'admin'
switchpassword = '<admin-password>'
myheaders = {'content-type': 'application/json'}

# cli_conf request that runs the password change in configuration mode
payload = {
    "ins_api": {
        "version": "1.2",
        "type": "cli_conf",
        "chunk": "0",
        "sid": "1",
        "input": "username admin password new-password",
        "output_format": "json"
    }
}

for IP in list_of_mgmt_ip:
    # http:// sends the credentials and the new password unencrypted
    url = 'http://{}/ins'.format(IP)
    response = requests.post(url, data=json.dumps(payload), headers=myheaders,
                             auth=(switchuser, switchpassword)).json()
    print(response)

3. Enjoy

 

Let me know if you have any questions.

Cheers,

Sergiu
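A hardened variant of the rotation loop above, as an added example that is not part of the original post: it prompts for the passwords instead of storing them in the file, rejects a new password containing whitespace, `;` or quotes so the value cannot change the CLI line, and reports a per-switch result. It assumes NX-API is reachable over HTTPS with a certificate the management host trusts, and that the reply carries `ins_api.outputs.output` entries with a `code` of "200" on success; the function names are hypothetical.

```python
import base64, getpass, json, ssl, sys
import urllib.request

def build_payload(new_password, user="admin"):
    """Build the cli_conf request; refuse passwords that could alter the CLI line."""
    if not new_password or any(c.isspace() or c in ';"\'' for c in new_password):
        raise ValueError("password must not contain whitespace, ';' or quotes")
    return {"ins_api": {"version": "1.2", "type": "cli_conf", "chunk": "0",
                        "sid": "1", "output_format": "json",
                        "input": "username {} password {}".format(user, new_password)}}

def command_succeeded(reply):
    """True only if every output entry in the reply reports code 200 (assumed shape)."""
    try:
        outputs = reply["ins_api"]["outputs"]["output"]
    except (KeyError, TypeError):
        return False
    if isinstance(outputs, dict):   # one command -> dict, several -> list
        outputs = [outputs]
    return bool(outputs) and all(str(o.get("code")) == "200" for o in outputs)

def https_post(host, payload, user, password):
    """POST over HTTPS with certificate verification (default SSL context)."""
    token = base64.b64encode("{}:{}".format(user, password).encode()).decode()
    req = urllib.request.Request(
        "https://{}/ins".format(host), data=json.dumps(payload).encode(),
        headers={"content-type": "application/json", "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=15, context=ssl.create_default_context()) as r:
        return json.load(r)

def rotate(hosts, user, old_password, new_password, send=https_post):
    """Change the password on each host; return {host: True/False}."""
    payload = build_payload(new_password, user)   # invalid password aborts before any request
    results = {}
    for host in hosts:
        try:
            results[host] = command_succeeded(send(host, payload, user, old_password))
        except Exception as exc:   # unreachable switch, TLS error, bad JSON
            print("{}: {}".format(host, type(exc).__name__), file=sys.stderr)
            results[host] = False
    return results

if __name__ == "__main__":
    hosts = sys.argv[1:]   # management IPs given on the command line
    old = getpass.getpass("Current admin password: ")
    new = getpass.getpass("New admin password: ")
    failed = [h for h, ok in rotate(hosts, "admin", old, new).items() if not ok]
    print("failed:", ", ".join(failed) or "none")
```

Switches listed as failed still have the old password, so re-run the script against only those addresses.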

 

Thank you Sergiu. 

Sorry, I am new to scripting. Can this be run on a management host (Windows/Linux), directly on the switch, or somewhere else?

 

Thanks!

This should be run from a mgmt machine where you have Python installed.

Regards,

Sergiu
