Hi all, really hope someone can help on what I hope to be a basic question.
I have a CiscoWorks server integrated with Cisco ACS. When a user tries to access CiscoWorks, they must authenticate using a username/password that is held centrally on the Cisco ACS server (I have authorisations configured here to allow certain users access to select devices). All this is working fine.
When I add devices to the DCR, I need to add Device Credentials. Do I need to tell the CiscoWorks the username/password or does it 'automatically' use the same username/password that the user typed in to aunthenticate to the CiscoWorks login page initially? I'm kinda confused. Not sure if I have to configure a general username/password for all devices in the DCR. The problem here though is when I check the ACS for reports regarding who has accessed a specific device (through NetShow for example), it will not tell me the 'real' user but will use the general username/password used for all devices (as set in the DCR). I hope this makes sense, please someone help clarify for me!
The LMS login credentials are completely independent of the credentials used for device access. If you want users to be able to authenticate to devices using their own credentials, do not add telnet/SSH credentials to DCR, but instead enable job-based passwords (under RME > Admin > Config Mgmt > Config Job Policies. Then, when users run Netconfig, Netshow, etc. jobs, they will be prompted for THEIR credentials at job creation time. Your ACS reports should then reflect the proper user. If you make Job-based passwords mandatory (i.e. do not check the "User configurable" box), then users must enter their credentials before a job can be scheduled.
To make these settings truly effective, you should only select telnet or SSH for your configuration deployment protocols. You should also note that config fetch will not use job-based passwords, so either configure the config fetch protocol to be TFTP, or you will need to add a global username/password to DCR. If job-based passwords are mandatory, this global set of credentials should only be used for configuration fetch operations.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.