Cisco DCNM Fundamentals Configuration Guide, Release 4.1
Administering Devices and Credentials
Downloads: This chapterpdf (PDF - 220.0KB) The complete bookPDF (PDF - 6.63MB) | Feedback

Administering Devices and Credentials

Table Of Contents

Administering Devices and Credentials

Information About Devices and Credentials

Devices

Credentials

Device Status

Virtualization Support

Licensing Requirements for Devices and Credentials

Prerequisites for Administering Devices and Credentials

Guidelines and Limitations for Devices and Credentials

Configuring Devices and Credentials

Adding a Device

Discovering a Device

Unmanaging a Device

Deleting a Device

Configuring Default Device Credentials

Clearing Default Device Credentials

Configuring Unique Credentials for a Device

Clearing Unique Credentials for a Device

Viewing Device Credentials and Status

Field Descriptions for Devices and Credentials

Device and Credentials Content Pane

Additional References for Devices and Credentials

Related Documents

Standards

Feature History for Devices and Credentials


Administering Devices and Credentials


This chapter describes how to administer Cisco NX-OS devices and the credentials that are used by the Cisco Data Center Network Manager (DCNM) server to authenticate itself to the devices.

This chapter includes the following sections:

Information About Devices and Credentials

Licensing Requirements for Devices and Credentials

Prerequisites for Administering Devices and Credentials

Guidelines and Limitations for Devices and Credentials

Configuring Devices and Credentials

Viewing Device Credentials and Status

Field Descriptions for Devices and Credentials

Additional References for Devices and Credentials

Feature History for Devices and Credentials

Information About Devices and Credentials

This section includes the following topics:

Devices

Credentials

Device Status

Virtualization Support

Devices

The Devices and Credentials feature allows you to administer individual devices, which each represent a single virtual device context (VDC) on a device running Cisco NX-OS. For example, if you need to retrieve the running configuration and status information of a single VDC on a device with multiple VDCS, rather than performing device discovery for all the VDCs on the Cisco NX-OS device, you can use the Devices and Credentials feature to rediscover the single device that represents the changed VDC.

Credentials

Devices and Credentials supports the Cisco NX-OS ability to secure each VDC with different credentials. DCNM allows you to configure unique credentials for each discovered device or the use of default credentials when you do not configure unique credentials for a device. If some managed devices share the same credentials but others do not, you can configure unique credentials for some devices and configure the default credentials with the credentials that are shared by some of the managed devices.

Devices and Credentials associates a unique set of device credentials with each DCNM server user account. This means that the accounting logs on managed devices reflect the actions of each DCNM server user. If you open the DCNM with a user account that does not have device credentials configured, the DCNM client prompts you to configure device credentials for the user account.

If support for accounting is not important to your organization, you must still configure each DCNM server user with device credentials, even if the credentials specified for each user are the same.

Device Status

The Devices and Credentials feature shows the status each device. The possible status are as follows:

Managed—DCNM can connect to the device using SSH, configure the running configuration of the device, and retrieve logs and other data from it. This status is possible only for devices that run a supported release of Cisco NX-OS and that are configured properly to support discovery by DCNM. For more information, see the "Cisco NX-OS Device Preparation" section on page 6-2.

Unmanaged—DCNM does not manage the device or monitor the status of the device.

Unreachable—DCNM cannot connect to the device, which was a managed device prior to becoming unreachable. Common causes for this status are as follows:

A network issue is preventing the DCNM server from contacting the device.

SSH is disabled on the device.

All terminal lines on the device are in use.

Virtualization Support

DCNM treats each VDC on a Cisco NX-OS device as a separate device; therefore, DCNM can maintain unique credentials for each VDC on a device. DCNM tracks the status of each VDC separately, as well.

Licensing Requirements for Devices and Credentials

The following table shows the licensing requirements for this feature:

Product
License Requirement

DCNM

Device and Credentials requires no license. Any feature not included in a license package is bundled with the Cisco DCNM and is provided at no charge to you. For information about obtaining and installing a DCNM LAN Enterprise license, see the "Installing Licenses" section on page 2-7.


Prerequisites for Administering Devices and Credentials

Performing device discovery with the Devices and Credentials feature has the following prerequisites:

The DCNM server must be able to connect to a device that you want to discover.

The Cisco NX-OS device must be running a supported version of Cisco NX-OS.

The Cisco NX-OS device must have the minimal configuration that is required to enable device discovery to succeed. For more information, see the "Cisco NX-OS Device Preparation" section on page 6-2.

Guidelines and Limitations for Devices and Credentials

The Devices and Credentials feature has the following configuration guidelines and limitations:

Discovering a device by using the Devices and Credentials feature does not support CDP-based discovery of neighboring devices. To use CDP-based discovery, see the "Administering Device Discovery" section on page 6-1.

Be careful when you change the default credentials or device-specific credentials. Incorrect credentials prevent DCNM from managing devices.

Configuring Devices and Credentials

Figure 7-1 shows the Devices and Credentials content pane.

Figure 7-1 Devices and Credentials Content Pane

This section includes the following topics:

Adding a Device

Discovering a Device

Unmanaging a Device

Deleting a Device

Configuring Default Device Credentials

Clearing Default Device Credentials

Configuring Unique Credentials for a Device

Clearing Unique Credentials for a Device

Adding a Device

You can add a device. This feature is particularly useful when you need to use DCNM to configure a new VDC on a Cisco NX-OS device with which you have already performed device discovery. Rather than rediscovering all VDCs on the device, you can add the one VDC that is new.

After you add a device, you can discover it. For more information, see the "Discovering a Device" section.

BEFORE YOU BEGIN

Determine the IPv4 address for the device.

Determine whether DCNM can communicate with the device using the default device credentials or whether you need to add unique device credentials when you add the device to DCNM.

DETAILED STEPS

To add a device, follow these steps:


Step 1 From the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

The discovered devices appear in the Devices area of the Contents pane.

Step 2 From the menu bar, choose Actions > New Device.

A blank row appears in the Devices area on the Contents pane.

Step 3 In the IP Address column for the new device, enter the IPv4 address that DCNM must use to connect to the device.

Step 4 Press Enter.

Step 5 (Optional) If you need to add unique device credentials, in the User Credentials column, double-click the entry for the device that you added, click the down-arrow button, and configure the unique device credentials.

Step 6 From the menu bar, choose File > Deploy to apply your changes to the DCNM server.

The status of the new device is Unmanaged.


Discovering a Device

You can discover a device.

Discovering an unmanaged device changes its status to Managed. During the discovery, DCNM retrieves the running configuration of the device.

If you are rediscovering a device, the configuration data that DCNM retrieves replaces any existing configuration data for the device. Whenever the configuration data that DCNM has for the device is not accurate, such as when a device administrator has used the command-line interface to change the running configuration, you can use this procedure to update the configuration data that DCNM has for the device. This feature is particularly useful when the device is a VDC whose resource allocation was changed, such as changes to the interfaces assigned to the VDC.


Note Discovering a device does not affect the running configuration of the device.


BEFORE YOU BEGIN

Ensure that you have either configured the device entry with unique device credentials or that DCNM can use the default device credentials to connect to the device. For more information, see the "Configuring Default Device Credentials" section.

DETAILED STEPS

To discover a device, follow these steps:


Step 1 From the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

The discovered devices appear in the Devices area of the Contents pane.

Step 2 Click the device that you want to discover.

Step 3 From the menu bar, choose Actions > Discover.

The device discovery begins. The status of the device changes to Discovering.

Step 4 Wait for the status to change to Managed.

Typically, the device discovery occurs in less than 5 minutes. After the status changes to Managed, you can use DCNM to configure the device.

You do not need to save your changes.


Unmanaging a Device

You can change the status of a device to unmanaged.

BEFORE YOU BEGIN

Ensure that you are changing the status of the correct device. DCNM cannot control the running configuration of an unmanaged device.

DETAILED STEPS

To change the status of a device to unmanaged, follow these steps:


Step 1 From the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

The discovered devices appear in the Devices area of the Contents pane.

Step 2 Click the device whose status you want to change to unmanaged.

Step 3 From the menu bar, choose Actions > Unmanage.

After a short delay, the status of the device changes to Unmanaged.

You do not need to save your changes.


Deleting a Device

You can delete a device. When you delete a device, you delete all configuration data about the device from DCNM.

You should consider deleting devices that you do not intend to manage with DCNM. Additionally, when a device administrator has deleted a VDC by using the command-line interface of the device, you should delete the device from DCNM.


Note Deleting a device does not affect the running configuration of the device.


BEFORE YOU BEGIN

Ensure that you are deleting the correct device.

DETAILED STEPS

To delete a device, follow these steps:


Step 1 From the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

The discovered devices appear in the Devices area of the Contents pane.

Step 2 Click the device that you want to delete.

Step 3 From the menu bar, choose Actions > Delete.

The device disappears from the Devices area.

You do not need to save your changes.


Configuring Default Device Credentials

You can configure the default credentials, which DCNM uses to authenticate itself when it connects to discovered Cisco NX-OS devices. DCNM uses the default device credentials to communicate with each discovered device that you have not configured with unique device credentials.


Note Device credentials are unique for each DCNM server user account.


BEFORE YOU BEGIN

Determine what the default device credentials should be. All Cisco NX-OS devices that DCNM uses the default credentials to communicate with must have a network administrator account configured with a username and password that are identical to the default credentials that you configure in DCNM.


Note We recommend that you use a strong password. Common guidelines for strong passwords include a minimum password length of eight characters and at least one letter, one number, and one symbol. For example, the password Re1Ax@h0m3 has ten characters and contains uppercase and lowercase letters in addition to one symbol and three numbers.


DETAILED STEPS

To configure default device credentials, follow these steps:


Step 1 From the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

The Default Credentials area appears in the Contents pane, above the Devices area, which lists the discovered devices.

Step 2 In the User Name field, enter the username for the default credentials. A valid username can be 1 to 32 characters. Valid characters are numbers, symbols, and case-sensitive letters.


Note Cisco NX-OS supports usernames that are a maximum of 28 characters.


Step 3 To the right of the Password field, click the down-arrow button.

Step 4 In the Password field and the Confirm Password field, enter the password for the default credentials. Valid passwords are numbers, symbols, and case-sensitive letters.


Note Cisco NX-OS supports passwords that are a maximum of 64 characters.


Step 5 Click OK.

Step 6 From the menu bar, choose File > Deploy to apply your changes to the DCNM server.


Clearing Default Device Credentials

You can clear the default device credentials.


Note If you clear the default device credentials, DCNM can connect to discovered devices only if you have configured unique credentials for each managed device.


BEFORE YOU BEGIN

If you intend to operate DCNM without default device credentials, you should ensure that DCNM is configured with unique device credentials for each discovered device before you perform this procedure. For more information, see the "Configuring Unique Credentials for a Device" section.

DETAILED STEPS

To configure default device credentials, follow these steps:


Step 1 From the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

The Default Credentials area appears in the Contents pane, above the Devices area, which lists the discovered devices.

Step 2 In the Default Credentials area, click Clear.

The User Name field and the Password field clear.

Step 3 From the menu bar, choose File > Deploy to apply your changes to the DCNM server.


Configuring Unique Credentials for a Device

You can configure credentials that are unique to a discovered device. When unique credentials exist for a discovered device, DCNM uses them when it connects to the device rather than using the default device credentials.


Note Device credentials are unique for each DCNM server user account.


BEFORE YOU BEGIN

Determine the username and password for a network administrator user account on the discovered device.


Note We recommend that you use a strong password. Common guidelines for strong passwords include a minimum password length of eight characters and at least one letter, one number, and one symbol. For example, the password Re1Ax@h0m3 has ten characters and contains uppercase and lowercase letters in addition to one symbol and three numbers.


DETAILED STEPS

To configure unique credentials for a discovered device, follow these steps:


Step 1 From the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

The discovered devices appear in the Devices area of the Contents pane.

Step 2 In the User Credentials column for the device, double-click the entry and then click the down-arrow button.

Step 3 In the User Name field, enter the username. Valid usernames are between 1 and 32 characters. Valid characters are numbers, symbols, and case-sensitive letters.


Note Cisco NX-OS supports usernames that are a maximum of 28 characters.


Step 4 In the Password field and the Confirm Password field, enter the password. Valid passwords are numbers, symbols, and case-sensitive letters.


Note Cisco NX-OS supports passwords that are a maximum of 64 characters.


Step 5 Click OK.

Step 6 From the menu bar, choose File > Deploy to apply your changes to the DCNM server.


Clearing Unique Credentials for a Device

You can clear unique credentials for a discovered device.


Note If you clear the unique credentials for a discovered device, DCNM uses the default credentials to connect to the device.


BEFORE YOU BEGIN

If you intend to operate DCNM without unique credentials for the device, you should ensure that DCNM is configured with default device credentials before you perform this procedure. For more information, see the "Configuring Default Device Credentials" section.

DETAILED STEPS

To clear unique credentials from a discovered device, follow these steps:


Step 1 From the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

Discovered devices appear in the Devices area of the Contents pane.

Step 2 In the User Credentials column for the device, double-click the entry and then click the down-arrow button.

Step 3 In the User Name field, delete all text.

Step 4 In the Password field, delete all text.

Step 5 In the Confirm Password field, delete all text.

Step 6 Click OK.

Step 7 From the menu bar, choose File > Deploy to apply your changes to the DCNM server.


Viewing Device Credentials and Status

To view the status for devices and whether credentials are configured for the device, from the Feature Selector pane, choose DCNM Server Administration > Devices and Credentials.

The default credentials appears in the Default Credentials area in the Contents pane. Information about devices, including credentials and status, appear in the Devices area in the Contents pane. For information about the fields that appear, see the "Field Descriptions for Devices and Credentials" section.

Field Descriptions for Devices and Credentials

This section includes the following field descriptions for Devices and Credentials:

Device and Credentials Content Pane

Device and Credentials Content Pane

Table 7-1 Device and Credentials Content Pane 

Field
Description
Default Credentials

User Name

Name of the Cisco NX-OS device user account that the DCNM server uses to access any device that it is discovering or that it is managing. The user account must be assigned to the network-admin or vdc-admin role on the device. By default, this field is blank.

Note The information in the User Credentials field in the Devices area overrides the information in the Default Credentials section.

Password

Password for the Cisco NX-OS device user account specified in the User Name field. By default, this field is blank.

Devices

IP Address

Display only. IPv4 address of the Cisco NX-OS device.

Name

Display only. Name of the Cisco NX-OS device.

User Credentials

The Cisco NX-OS user account that DCNM uses to connect to the Cisco NX-OS device.

Note If you configure this field, DCNM uses the user account that you configure when it connects to the device. If this field is blank, DCNM uses the user account specified in the Default Credentials area. By default, this field is blank.

Status

Display only. Whether the DCNM server can connect to and configure the device. Valid values are as follows:

Managed—The DCNM server can configure the device.

Unmanaged—The DCNM server cannot configure the device.

Unreachable—The DCNM server cannot reach the device.


Additional References for Devices and Credentials

For additional information related to the Devices and Credentials feature, see the following sections:

Related Documents

Standards

Related Documents

Related Topic
Document Title

Cisco NX-OS XML management interface

Cisco NX-OS XML Management Interface User Guide, Release 4.1


Standards

Standards
Title

NETCONF protocol over the Secure Shell (SSH)

RFC 4742


Feature History for Devices and Credentials

Table 7-2 lists the release history for this feature.

Table 7-2 Feature History for Devices and Credentials

Feature Name
Releases
Feature Information

Devices and Credentials

4.1(2)

No change from Release 4.0