This chapter describes licensing and authentication requirements for the Cisco Prime Cable Provisioning Device Provisioning Engine (DPE) and how you can access the command-line interface (CLI) of the DPE.
Licensing controls the number of DPEs that you can use. To configure the DPE from the CLI, you must have a valid license. If you run the commands described in this guide on an unlicensed DPE, the following message appears:
This DPE is not licensed. Your request cannot be serviced. Please check with your system administrator for DPE licenses.
For details on how to obtain the license file, see the Cisco Prime Cable Provisioning 6.1.2 User Guide.
Once you receive your license file, install Prime Cable Provisioning. Then, from the Admin UI, use the following procedure to install the licenses that you purchased:
Note Before installing your license, ensure that you back it up in case you have to reinstall Prime Cable Provisioning.
Step 1 Once you receive your license file, save each file on the system from which you intend to launch the Prime Cable Provisioning Admin UI.
Step 2 Launch your web browser on that system.
Step 3 Enter the administrator’s location using this syntax:
https://machine_name:port_number/
Step 4 Enter the default username (admin) and default password (changeme).
Note If you are logging in for the first time, the Change Password screen appears. Enter a new password and confirm it. The password that you enter must have at least eight characters.
Step 6 Click the license link at the top of the Main Menu page, or choose Configuration > License Keys.
The Manage License Keys page appears.
Step 7 In the License File field, enter the complete path to the location of the license file on your local system. Remember to include the name of the license file while specifying the pathname. Or, click Browse.
The details regarding the license file appear. For details on licensing in this release, see the Cisco Prime Cable Provisioning 6.1.2 User Guide.
To access the DPE CLI, open a Telnet session to port 2323 from a local or remote host. Before you proceed, however, familiarize yourself with the access levels on the DPE.
Prime Cable Provisioning specifies a certain access level to authorize DPE access. Table 1-1 identifies the two access levels, which are also known as command modes. Each mode provides access to a specific set of commands.
Use the enable and disable commands to switch between the two modes.
You can access the DPE CLI following the steps described in:
Privileges required to access DPE CLI are:
For the complete list of default privileges in Prime Cable Provisioning, see the Default Privileges section of the Cisco Prime Cable Provisioning 6.1.2 User Guide.
To access the CLI from a local host, you can use:
Once you access the CLI, enter the DPE username and password to continue. The default login username is admin and the default password is changeme. Unlike earlier releases of Prime Cable Provisioning, no second challenge (entering a password) is needed to enter enable mode. A user can enter enable mode based on the assigned privileges. For the list of DPE CLI privileges, see DPE CLI Privileges.
Note Although the default DPE username is admin and password is changeme, it is not the same as the one that you use to access the Prime Cable Provisioning Admin UI. The default admin users in the DPE and the RDU are two different users.
For information on how to change the login password, see password.
This result occurs when you access the DPE from a local host specifying its hostname.
This result occurs when you access the DPE from a local host without specifying its hostname.
To access the CLI from a remote host, enter:
where remote_hostname specifies the name of the remote host.
Note If you cannot establish a Telnet connection to the CLI, the CLI server is probably not running. You may need to start the server. To start the server, enter:
# /etc/init.d/bprAgent start cli
Once you access the CLI, you must enter the DPE username and password to continue. The default login username is admin and password is changeme.
Note Although the default DPE username is admin and password is changeme, it is not the same as the one that you use to access the Prime Cable Provisioning Admin UI. The default admin users in the DPE and the RDU are two different users.
For information on how to change the login password, see password.
This result occurs when you access the DPE from a remote host specifying its hostname.
The DPE CLI supports the RADIUS and TACACS+ protocols for authenticating a user. You cannot configure both RADIUS and TACACS+ together. The local user admin can also be used to log in to the DPE CLI, even when neither protocol is configured. See Chapter 2, “System Commands” for details about the DPE CLI commands.
This mode authenticates the default admin user in the local DPE and this mode is always enabled. In DPE CLI there is only one local account, admin. Users accessing the RDU cannot log into DPE CLI.
RADIUS is a UDP-based protocol used for enabling centralized authentication, authorization, and accounting for network access. It authenticates the users accessing the network services via the RADIUS server using the RADIUS standard protocol.
Cisco AV-pair needs to be configured in the RADIUS server to support authorization for DPE CLI RADIUS users. Cisco IOS/PIX 6.x is the RADIUS server that supports Cisco AV-pair in the Access Control Server (ACS) server. The Cisco AV-pair attribute value is:
Here, Administrators is either the actual user group or user group mapping defined in the RDU. For more details, see the RADIUS Authentication section of the Cisco Prime Cable Provisioning 6.1.2 User Guide.
Note Any changes made to the user groups associated with the user will be reflected only in the next Telnet session.
To enable backward compatibility, the shell privileges priv-lvl=1 and priv-lvl=15 continue to be supported.
Here, priv-lvl=1 is mapped to the privilege PRIV_DPE_READ, and priv-lvl=15 is mapped to the privileges PRIV_DPE_READ, PRIV_DEVICE_READ, PRIV_DPE_SECURITY, and PRIV_DPE_UPDATE.
Note Use of shell privileges is not a recommended method for authorizing DPE CLI RADIUS users. This method must be used only for backward compatibility.
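The following added example, which is not part of the Cisco documentation or product code, audits the AV-pair strings returned for RADIUS users and reports which DPE privileges the backward-compatibility mapping above grants, flagging accounts that still rely on it. The function names, the sample users, and the optional shell: prefix on the attribute are assumptions made for illustration.

```python
import re

# Backward-compatibility mapping as stated in this chapter.
LEGACY_PRIVS = {
    1: {"PRIV_DPE_READ"},
    15: {"PRIV_DPE_READ", "PRIV_DEVICE_READ",
         "PRIV_DPE_SECURITY", "PRIV_DPE_UPDATE"},
}

# Accepts "priv-lvl=15" and "shell:priv-lvl=15" (the prefix is an assumed spelling).
PRIV_LVL = re.compile(r"^(?:shell:)?priv-lvl\s*=\s*(\d+)$", re.IGNORECASE)


def audit_user(avpairs):
    """Return (privileges, findings) for one user's Cisco AV-pair strings."""
    levels = []
    for raw in avpairs:
        match = PRIV_LVL.match(raw.strip())
        if match:
            levels.append(int(match.group(1)))

    privileges, findings = set(), []
    for level in levels:
        if level in LEGACY_PRIVS:
            privileges |= LEGACY_PRIVS[level]
        else:
            # The chapter defines a mapping only for levels 1 and 15.
            findings.append(f"priv-lvl={level} has no documented mapping")
    if levels:
        findings.append("authorized via shell privilege (backward-compatibility method)")
    if len(set(levels)) > 1:
        # Assumption: the audit reports the union, i.e. the worst case.
        findings.append("conflicting priv-lvl values; union of privileges reported")
    if "PRIV_DPE_SECURITY" in privileges:
        findings.append("holds PRIV_DPE_SECURITY through priv-lvl=15")
    return privileges, findings


# Constructed sample data, not taken from a real RADIUS server.
SAMPLE_USERS = {
    "noc-readonly": ["shell:priv-lvl=1"],
    "legacy-admin": ["priv-lvl=15"],
    "odd-level": ["shell:priv-lvl=7"],
    "grouped": [],  # authorized by a user-group AV-pair instead
}

if __name__ == "__main__":
    for name, pairs in SAMPLE_USERS.items():
        privs, notes = audit_user(pairs)
        print(name, sorted(privs), notes)
```

Users with an empty findings list do not depend on shell privileges; the others are candidates for migration to user-group authorization.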
TACACS+ is a TCP-based protocol that supports centralized access control for several network devices and user authentication for the DPE CLI. Using TACACS+, a DPE supports multiple users (and their individual usernames) and the login password configured at the TACACS+ server. Here is how mapping of privileges is done in case of a TACACS+ server: