08-11-2008 08:25 AM
Hi all,
I'm trying to make a management console for the support team. Access rights are very specific and we need to trace any actions.
We are using LMS 3.1.
I know that Ciscoview uses SNMP to read and modify configurations. Is it the same for CM?
As DFM is not supporting snmp v3, we need to configure SNMP v2 with write access which is not very secure.
Moreover, for Ciscoview and CM, how can I do accounting to keep trace of all changes?
Is there a way to configure VLAN port assignment in Ciscoview? My support team will have to activate/deactivate interfaces and assign VLAN to a port. They will need to use 2 modules to do that!
They used CNA and everything could be done on a single GUI. Also, the CNA uses HTTPS (encrypted and authenticated, not like SNMPv2). Any commands/actions done on CNA were accounted in the ACS.
I want to deploy Ciscoworks, and I wanted the support team to use it while making changes. But I realize that I will lose security and "user-friendly" capability.
I want a simple way (no command-line) to configure interfaces, without using SNMP. And I want to keep trace of any actions on switches "Who did What".
Is there a way to do that?
I've tried Ciscoworks ICM but it is not supported with LMS 3.1! So I could not try it.
Thanks.
PS: I'm using Cisco ACS 4.1
08-11-2008 08:48 AM
Yes, Campus Manager uses SNMP read-only primarily. Some of its configuration tasks make use of SNMP read-write, however.
DFM does support SNMPv3 authNoPriv. However, it currently does not support SNMP privacy (i.e. PDU encryption).
Any changes made with CM and CV will be picked up on the next RME config sweep, and Change audit records will be created. LMS also keeps an internal audit trail for all applications. You can run the Audit Trail report from each individual application.
Some CiscoView device packages will support VLAN port assignment, but it is not necessarily going to be there, and in the same place for all device types.
If you want to make sure everything goes through an encrypted channel, and is accounted in ACS, do your configuration changes through RME only, and make sure the only deployment protocols selected are SSH and SCP. This will give you a detailed audit trail from LMS to ACS on who is making what changes to your devices.
Netconfig (in RME) will allow you to configure interface parameters. As with all of RME's config management apps, you can choose only to use secure protocols for deploy and fetch.
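An added example, not part of the original thread or of Cisco's documentation: a device-side IOS configuration sketch for the approach in the answer above (SSH-only management access, command accounting sent to ACS, SNMPv3 authNoPriv read-only polling). It assumes ACS is reached over TACACS+; the server address, user, group and view names, and all secrets are placeholders.

```ios
! Constructed example. Every address, name and secret below is a placeholder.
!
! --- AAA: authenticate, authorize and account through ACS (TACACS+ assumed) ---
aaa new-model
tacacs-server host 192.0.2.10 key <TACACS-KEY>
! Local account is only a fallback for when ACS is unreachable.
username <LOCAL-ADMIN> privilege 15 secret <LOCAL-SECRET>
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
! Session start/stop plus every privilege-15 command is reported to ACS.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! --- Encrypted management channel only: SSHv2 in, no Telnet ---
ip domain-name example.net
crypto key generate rsa modulus 2048
ip ssh version 2
! Assumption: needed only if SCP transfers are made against the device itself.
ip scp server enable
line vty 0 4
 transport input ssh
!
! --- SNMP: v3 authNoPriv, read-only, no v2c write community ---
snmp-server view LMS-VIEW iso included
snmp-server group LMS-RO v3 auth read LMS-VIEW
snmp-server user lms-poll LMS-RO v3 auth sha <AUTH-PASSPHRASE>
```

With no SNMP read-write community or write view defined, configuration changes can only arrive over the SSH session, which is the path the accounting lines cover.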