We have four sites in our company. All sites use the same community string, but use different âEnableâ password. Users access devices through RADIUS server authentication. I have several questions about LMS3.0 setting.
1.Do I need setup âDefault Credentialsâ because devices use different âEnableâ password? Could I begin device discovery without default credentials?
2.When I use âSync archiveâ, I will have to use transparent protocols. I do not want to use RCP protocol because I have to setup local username and password on every device. If I use SSH, where I can setup âusernameâ,âpasswordâ and âEnable passwordâ for this device? If I set up them on credentials, how to use it?
3.I already create account (cwuser) for Ciscoworks? Could I use this account as local account to authenticate all devices?
1. You can setup default credentials with all of the common credentials. Leave the fields which vary site-by-site empty. You do not need to configure default credentials at all, ever. Discovery will work just fine as it uses its own set of credentials to contact the devices.
2. All credentials are stored in the Device Credential Repository. They can be set on a per-device basis and on a set of devices under Common Services > Device and Credentials > Device Management. If you are using default credentials, devices will inherit the default credentials when they are added to DCR. DCR will copy the default credential values into the per-device credential fields for those devices. Therefore, if you need to make changes to a device's specific set of credentials once it is added, this is very easy to do without affecting the default set or any other device.
3. Assuming cwuser is known to every device, yes.
Thanks for your advice!
If I add four devices, how to set up different groups according to different site?
how could I add network devices to new group?
You can do grouping a number of different attributes. Each application offers its own grouping capabilities. It really depends on how you determine devices are in a given site. For example, if you use SNMP sysLocation to discern the site, you can go to RME > Devices > Group Administration, and create a new group matching on System.Location.
By default, groups are dynamic. So, when you add a new device which has an attribute which matches an existing group, it will automatically show up in that group.
When I push IOS to devices, could i use SSH v2 as access method? I get error message"Cannot connect to the device x.x.x.x using TELNET." because we only allow SSH to get this device.Why Ciscoworks do not try to SSH?
BTW,we do not want to use RCP as flash copy because of security. I want to use TFTP. Which configration I need on the network device? I think I need tell devices where TFTP server is.
All you need to do is adjust your protocols under RME > Admin > Config Mgmt > Transport Settings and RME > Admin > Software Mgmt > View/Edit Preferences. Only include the protocols you want to use in your network.
If you are going to use TFTP for config and image transfers, there is nothing additional you have to configure on your devices.
Thanks for your help! Another question is about Group Admin. On the CS and RME, we could find "Group Admin". I only create new group in the "User defined Group" on RME module. I could find them below RME. Do I need create them on CS module again? Is there any difference between them?
No. You can view the RME User Defined Groups in CS. Go to Common Services > Device and Credentials > Device Selector Settings > Group Customization, and configure User Defined Groups to show all user define groups.
You can do grouping in any or all applications. If the RME grouping parameters are sufficient for your needs, then you can create all your groups there. However, be aware that each application has a limit of 100 user-defined groups.