General Settings
You can configure and define policies in Cisco UCS Central at the organization level. Manage them in the infrastructure.
IPv6 Support
Cisco UCS Central supports IPv6 addressing. Cisco UCS Central operates on a dual mode where it enables both IPv4 and IPv6. This feature helps Cisco UCS Central and Cisco UCS Manager communicate with each other through an IPv6 address, primarily to share pools and policy related information.
Cisco UCS Central supports the creation and deletion of IPv4 and IPv6 blocks in the IP pools, and supports IPv6 addressing for the following policies:
-
LDAP
-
TACAS
-
Radius
-
NTP
-
DNS
You can now register a Cisco UCS Manager domain using an IPv6 address or an IPv4 address.
You can configure an IPv6 address on the Cisco UCS Central through the GUI or CLI commands. This is also true for all the other areas where Cisco UCS Central uses IPv6 addresses.
You can now create a global service profile (GSP) and a local service profile (LSP) using an outband management IPv4 address and an inband IPv4 and/or IPv6 address.
Configuring IPv6 in Standalone Mode
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC# scope system |
Enters system mode. |
Step 2 |
UCSC /system # scope network-interface a |
|
Step 3 |
UCSC /network-interface # scope ipv6-config |
|
Step 4 |
UCSC /network-interface/ipv6-config # set net ipv6 ipv6 address ipv6-gw IPv6 gateway ipv6-prefix prefix |
|
Step 5 |
UCSC /network-interface/ipv6-config # commit-buffer |
|
Example
-
Configures IPv6 in standalone mode
-
Commits the transaction.
UCSC #scope system
UCSC /system #scope network-interface a
UCSC /network-interface # scope ipv6-config
UCSC /network-interface/ipv6-config # set net ipv6 ipv6 2001:db8:a::11 ipv6-gw 2001:db8:a::1 ipv6-prefix 64
UCSC /network-interface/ipv6-config # commit-buffer
Configuring IPv6 in High Availability Mode
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC# scope system |
Enters system mode. |
Step 2 |
UCSC /system #scope network-interface a |
|
Step 3 |
UCSC /network-interface #scope ipv6-config |
|
Step 4 |
UCSC /network-interface/ipv6-config #set net ipv6 ipv6 address ipv6-gw ipv6 gateway ipv6-prefix prefix |
|
Step 5 |
UCSC /network-interface/ipv6-config #commit-buffer |
|
Step 6 |
UCSC /network-interface/ipv6-config #top |
|
Step 7 |
UCSC# scope system |
Enters system mode. |
Step 8 |
UCSC /system #scope network-interface b |
|
Step 9 |
UCSC /network-interface/ipv6-config #scope ipv6-config |
|
Step 10 |
UCSC /network-interface/ipv6-config #set net ipv6ipv6 address ipv6-gwipv6 gatewayipv6-prefixprefix |
|
Step 11 |
UCSC /network-interface/ipv6-config #commit-buffer |
|
Step 12 |
UCSC /network-interface/ipv6-config #top |
|
Step 13 |
UCSC # scope system |
Enters system mode. |
Step 14 |
UCSC /system # set virtual ip ipv6ipv6 address |
|
Step 15 |
UCSC /system # commit-buffer |
|
Step 16 |
UCSC /system # top |
|
Example
-
Configures IPv6 in high availability mode
-
Commits the transaction
UCSC #scope system
UCSC /system #scope network-interface a
UCSC /network-interface # scope ipv6-config
UCSC /network-interface/ipv6-config # set net ipv6 2001:db8:a::11 ipv6-gw 2001:db8:a::1 ipv6-prefix 64
UCSC /network-interface/ipv6-config # commit-buffer
UCSC /network-interface/ipv6-config # top
UCSC #scope system
UCSC /system #scope network-interface b
UCSC /network-interface # scope ipv6-config
UCSC /network-interface/ipv6-config # set net ipv6 2001:db8:a::12 ipv6-gw 2001:db8:a::1 ipv6-prefix 64
UCSC /network-interface/ipv6-config # commit-buffer
UCSC /network-interface/ipv6-config # top
UCSC # scope system
UCSC /system # set virtual-ip ipv6 2001:db8:a::10
UCSC /system # commit-buffer
UCSC /system # top
Disabling IPv6
You can disable IPv6 on the Cisco UCS Central by setting the IPv6 address (in both the standalone and HA mode) to null.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC # scope system |
Enters system mode. |
Step 2 |
UCSC /system #scope network-interface a |
Enters node A of the network interface. |
Step 3 |
UCSC /network-interface #scope ipv6-config |
|
Step 4 |
UCSC /network-interface/ipv6-config #set net ipv6 ipv6 :: ipv6-gw :: ipv6-prefix 64 |
|
Step 5 |
UCSC /network-interface/ipv6-config #commit-buffer |
|
Step 6 |
UCSC /network-interface/ipv6-config #top |
|
Step 7 |
UCSC # scope system |
Enters system mode. |
Step 8 |
UCSC /system #set virtual-ip ipv6 :: |
|
Step 9 |
UCSC /system # commit-buffer |
|
Step 10 |
UCSC /system # top |
|
Step 11 |
UCSC # scope system |
Enters system mode. |
Step 12 |
UCSC /system # scope network-interface a |
Enters node A of the network interface. |
Step 13 |
UCSC /network-interface #scope ipv6-config |
|
Step 14 |
UCSC /network-interface/ipv6-config #set net ipv6 ipv6 :: ipv6-gw :: ipv6-prefix 64 |
|
Step 15 |
UCSC /network-interface/ipv6-config #commit-buffer |
|
Step 16 |
UCSC /network-interface/ipv6-config #top |
|
Step 17 |
UCSC # scope system |
Enters system mode. |
Step 18 |
UCSC /system # scope network-interface b |
Enters node B of the network interface. |
Step 19 |
UCSC /network-interface #scope ipv6-config |
|
Step 20 |
UCSC /network-interface/ipv6-config #set net ipv6 ipv6 :: ipv6-gw :: ipv6-prefix 64 |
|
Step 21 |
UCSC /network-interface/ipv6-config #commit-buffer |
|
Step 22 |
UCSC /network-interface/ipv6-config #top |
|
Example
-
Disables IPv6 on Cisco UCS Central for the standalone and HA modes
-
Commits the transaction
UCSC # scope system
UCSC /system # scope network-interface a
UCSC /network-interface# scope ipv6-config
UCSC /network-interface/ipv6-config #set net ipv6 ipv6 :: ipv6-gw :: ipv6-prefix 64
UCSC /network-interface/ipv6-config #commit-buffer
UCSC /network-interface/ipv6-config #top
UCSC # scope system
UCSC /system # set virtual-ip ipv6 ::
UCSC /system # commit-buffer
UCSC /system # top
UCSC # scope system
UCSC /network-interface # scope network-interface a
UCSC /network-interface # scope ipv6-config
UCSC /network-interface/ipv6-config # set net ipv6 ipv6 :: ipv6-gw :: ipv6-prefix 64
UCSC /network-interface/ipv6-config # commit-buffer
UCSC /network-interface/ipv6-config # top
UCSC # scope system
UCSC /system # scope network-interface b
UCSC /network-interface # scope ipv6-config
UCSC /network-interface/ipv6-config # set net ipv6 ipv6 :: ipv6-gw :: ipv6-prefix 64
UCSC /network-interface/ipv6-config # commit-buffer
UCSC /network-interface/ipv6-config # top
Configuring an SNMP Trap
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
Step 2 |
UCSC(policy-mgr)#scope org |
|
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
Step 4 |
UCSC(policy-mgr) /org/device-profile # scope snmp |
Scopes the default SNMP policy's configuration mode. |
Step 5 |
(Optional) UCSC(policy-mgr) /org/device-profile/snmp # create snmp-trap snmp-trap-ip |
(Optional)
If scoping into an organization previously created, it creates the SNMP trap IP address for that organization (in format 0.0.0.0), and enters SNMP trap configuration mode. |
Step 6 |
(Optional) UCSC(policy-mgr) /org/device-profile/snmp # scope snmp-trap snmp-trap-ip |
(Optional)
If scoping into organization previously created, it scopes the SNMP trap IP address for that organization (in format 0.0.0.0), and enters SNMP trap configuration mode. |
Step 7 |
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmp-trap-community-host-config-string |
Enter the SNMP trap community string to configure the SNMP trap host. |
Step 8 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set notificationtype traps |
Enter the notification type for the SNMP trap as SNMP trap notifications (traps). |
Step 9 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set port port-number |
Enter the SNMP trap port number (1-65535). |
Step 10 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set v3privilege auth | noauth | priv |
Enter a V3 privilege security level for the SNMP trap of authNoPriv security level (auth), noAuthNoPriv security level (noauth), or authPriv security level (priv). |
Step 11 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set version v1 | v2c | v3 |
Enter a version for the SNMP trap of SNMP v1, v2c, or v3. |
Step 12 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Scopes into an organization
-
Scopes the SNMP policy
-
Creates the SNMP trap with IP address 0.0.0.0
-
Sets the SNMP community host string to snmptrap01
-
Sets the SNMP notification type to traps
-
Sets the SNMP port to 1
-
Sets the v3privilege to priv
-
Sets the version to v1
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org# scope device-profile
UCSC(policy-mgr) /org/device-profile # scope snmp
UCSC(policy-mgr) /org/device-profile/snmp # create snmp-trap 0.0.0.0
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set community snmptrap01
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set notificationtype traps
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set port 1
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set v3privilege priv
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # set version v1
UCSC(policy-mgr) /org/device-profile/snmp/snmp-trap* # commit-buffer
Configuring an SNMP User
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
Step 2 |
UCSC(policy-mgr)#scope org |
|
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
Step 4 |
UCSC(policy-mgr) /org/device-profile # scope snmp |
Scopes the SNMP policy's configuration mode. |
Step 5 |
UCSC(policy-mgr) /org/device-profile/snmp # create snmp-user snmp-user |
Enter a name for the SNMP user. |
Step 6 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # set aes-128 yes | no |
Use AES-128 for the SNMP user (yes or no). |
Step 7 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # set auth md5 | sha |
Use MD5 or SHA authorization mode for the SNMP user. |
Step 8 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # set password |
Enter and confirm a password for the SNMP user. |
Step 9 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # set priv-password |
Enter and confirm a private password for the SNMP user. |
Step 10 |
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Scopes into an organization
-
Scopes the SNMP policy
-
Scopes into the SNMP user named snmpuser01
-
Sets aes-128 mode to enabled
-
Sets authorization to sha mode
-
Sets password to userpassword01
-
Sets private password to userpassword02
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org# scope device-profile
UCSC(policy-mgr) /org/device-profile # scope snmp
UCSC(policy-mgr) /org/device-profile/snmp # scope snmp-user snmpuser01
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user # set aes-128 yes
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # set auth sha
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # set password
Enter a password: userpassword01
Confirm the password: userpassword01
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # set priv-password
Enter a password: userpassword02
Confirm the password: userpassword02
UCSC(policy-mgr) /org/device-profile/snmp/snmp-user* # commit-buffer
Configuring an NTP Server
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
Step 2 |
UCSC(policy-mgr)#scope org |
|
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
Step 4 |
UCSC(policy-mgr) /org/device-profile # scope timezone-ntp-config |
Enters time zone NTP configuration mode. |
Step 5 |
UCSC(policy-mgr) /org/device-profile/timezone-ntp-config # create ntp server-name |
Creates an NTP server instance. |
Step 6 |
UCSC(policy-mgr) /org/device-profile/timezone-ntp-config* # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Scopes into an organization
-
Creates an NTP server instance named orgNTP01
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org# scope device-profile
UCSC(policy-mgr) /org/device-profile # scope timezone-ntp-config
UCSC(policy-mgr) /org/device-profile/timezone-ntp-config # create ntp orgNTP01
UCSC(policy-mgr) /org/device-profile/timezone-ntp-config* # commit-buffer
UCSC(policy-mgr) /org/device-profile/timezone-ntp-config #
Configuring a DNS Server
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
Step 2 |
UCSC(policy-mgr)#scope org |
|
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
Step 4 |
UCSC(policy-mgr) /org/device-profile # scope dns-config |
Enter an existing DNS policy's configuration mode from the organization. |
Step 5 |
UCSC(policy-mgr) /org/device-profile/dns-config # create dns server-IP-address |
Creates a DNS server instance. |
Step 6 |
UCSC(policy-mgr) /org/device-profile/dns-config* # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Scopes into the organization
-
Creates a DNS server instance named 0.0.0.0
-
Commis\ts the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr)/org# scope device-profile
UCSC(policy-mgr) /org/device-profile # scope dns-config
UCSC(policy-mgr) /org/device-profile # create dns 0.0.0.0
UCSC(policy-mgr) /org/device-profile* # commit-buffer
Configuring a Fault Policy
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
Step 2 |
UCSC(policy-mgr)#scope org |
|
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
Step 4 |
(Optional) UCSC(policy-mgr) /org # scope fault policy |
(Optional)
If scoping into the domain group root previously created, scopes the default fault policy's configuration mode from the domain group root. |
Step 5 |
UCSC(policy-mgr) /org/device-profile/policy* # set ackaction delete-on-clear |
Sets the fault policy acknowledgment action to delete on clear (delete-on-clear) or reset to initial severity (reset-to-initial-severity). |
Step 6 |
UCSC(policy-mgr) /org/device-profile/policy* # set clearaction delete | retain |
Sets the fault policy clear action to delete or retain. |
Step 7 |
UCSC(policy-mgr) /org/device-profile/policy* # set clearinterval days | hours | minutes | seconds | retain |
Sets the fault policy clear interval to the number of days, hours, minutes, and seconds or retain. |
Step 8 |
UCSC(policy-mgr) /org/device-profile/policy* # set flapinterval flap-number-of-days |
Sets the fault policy flap interval to the number of days. |
Step 9 |
UCSC(policy-mgr) /org/device-profile/policy* # set retentioninterval days | hours | minutes | seconds | forever |
Sets the fault policy clear interval to the number of days, hours, minutes, and seconds or forever. |
Step 10 |
UCSC(policy-mgr) /org/device-profile/policy* # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Scopes into the organization
-
Creates a global fault debug policy
-
Enters the status settings
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org# scope device-profile
UCSC(policy-mgr) /org/device-profile # scope fault policy
UCSC(policy-mgr) /org/device-profile/policy* # set ackaction delete-on-clear
UCSC(policy-mgr) /org/device-profile/policy* # set clearaction delete
UCSC(policy-mgr) /org/device-profile/policy* # set clearinterval 15 30 60 90
UCSC(policy-mgr) /org/device-profile/policy* # set flapinterval 180
UCSC(policy-mgr) /org/device-profile/policy* # set retentioninterval 180 54 52 63
UCSC(policy-mgr) /org/device-profile/policy* # commit-buffer
UCSC(policy-mgr) /org/device-profile/policy #
Configuring a TFTP Core Export Policy
Procedure
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
||
Step 2 |
UCSC(policy-mgr)#scope org |
|
||
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
||
Step 4 |
(Optional) UCSC(policy-mgr) /org/device-profile # scope tftp-core-export-config |
(Optional)
Scopes an existing TFTP core export debug policy's configuration mode. |
||
Step 5 |
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # enable core-export-target |
Enables the TFTP core export target. |
||
Step 6 |
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # set core-export-target path name-of-path |
Sets the TFTP core export policy target path. |
||
Step 7 |
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # set core-export-target port port-number |
Sets the TFTP core export policy port number (1-65535). |
||
Step 8 |
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # set core-export-target server-description port-number |
Sets the TFTP core export target policy server description.
|
||
Step 9 |
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # set core-export-target server-name server-name |
Sets the TFTP core export target policy server name. |
||
Step 10 |
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Scopes into the organization
-
Scopes the TFTP Core Export Policy
-
Configures the policy
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org# scope device-profile
UCSC(policy-mgr) /org/device-profile # scope tftp-core-export-config
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # enable core-export-target
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # set core-export-target path /target
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # set core-export-target port 65535
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # set core-export-target server-description "TFTP core export server 2"
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # set core-export-target server-name TFTPcoreserver01
UCSC(policy-mgr) /org/device-profile/tftp-core-export-config* # commit-buffer
Creating a Locally Authenticated User
Procedure
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
||
Step 2 |
UCSC(policy-mgr)# scope org |
|
||
Step 3 |
UCSC(policy-mgr) /org # scope device-profile |
|
||
Step 4 |
UCSC(policy-mgr) /org/device-profile # scope security |
|
||
Step 5 |
UCSC(policy-mgr) /org/device-profile/security # create local-user local-user-name |
Creates a user account for the specified local user and enters security local user mode. |
||
Step 6 |
UCSC(policy-mgr) org/device-profile/security/local-user* # set account-status {active | inactive} |
Specifies to enable or disable the local user account. The admin user account is always set to active. You cannot modify it.
|
||
Step 7 |
UCSC(policy-mgr) /org/device-profile/security/local-user* # set password password |
Sets the password for the user account. |
||
Step 8 |
(Optional) UCSC(policy-mgr) /org/device-profile/security/local-user* # set firstname first-name |
(Optional)
Specifies the first name of the user. |
||
Step 9 |
(Optional) UCSC(policy-mgr) /org/device-profile/security/local-user* # set lastname last-name |
(Optional)
Specifies the last name of the user. |
||
Step 10 |
(Optional) UCSC(policy-mgr) /org/device-profile/security/local-user* # set expiration month day-of-month year |
(Optional)
Specifies the date that the user account expires. The month argument is the first three letters of the month name. |
||
Step 11 |
(Optional) UCSC(policy-mgr) /org/device-profile/security/local-user* # set email email-addr |
(Optional)
Specifies the user e-mail address. |
||
Step 12 |
(Optional) UCSC(policy-mgr) /org/device-profile/security/local-user* # set phone phone-num |
(Optional)
Specifies the user phone number. |
||
Step 13 |
(Optional) UCSC(policy-mgr) /org/device-profile/security/local-user* # set sshkey ssh-key |
(Optional)
Specifies the SSH key used for passwordless access. |
||
Step 14 |
UCSC(policy-mgr) /org/device-profile/security/local-user* # commit-buffer |
Commits the transaction. |
Example
-
Scopes into the organization
-
Creates the user account named eagle_eye
-
Enables the user account
-
Sets the password to eye5687
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org # scope device-profile
UCSC(policy-mgr) /org/device-profile # scope security
UCSC(policy-mgr) /org/device-profile/security # create local-user eagle_eye
UCSC(policy-mgr) /org/device-profile/security/local-user* # set account-status active
UCSC(policy-mgr) /org/device-profile/security/local-user* # set password
Enter a password: eye5687
Confirm the password: eye5687
UCSC(policy-mgr) /org/device-profile/security/local-user* # commit-buffer
UCSC(policy-mgr) /org/device-profile/security/local-user* #
-
Scopes into the organization
-
Creates the user account named lincey
-
Enables the user account
-
Sets an openSSH key for passwordless access
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org # scope device-profile
UCSC(policy-mgr) /org/device-profile # scope security
UCSC(policy-mgr) /org/device-profile/security # create local-user lincey
UCSC(policy-mgr) /org/device-profile/security/local-user* # set account-status active
UCSC(policy-mgr) /org/device-profile/security/local-user* # set sshkey "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuo9VQ2CmWBI9/S1f30klCWjnV3lgdXMzO0WUl5iPw85lkdQqap+NFuNmHcb4K iaQB8X/PDdmtlxQQcawcljk8f4VcOelBxlsGk5luq5ls1ob1VOIEwcKEL/h5lrdbNlI8y3SS9I/gGiBZ9ARlop9LDpD m8HPh2LOgyH7Ei1MI8="
UCSC(policy-mgr) /org/device-profile/security/local-user* # commit-buffer
UCSC(policy-mgr) /org/device-profile/security/local-user* #
-
Scopes into the organization
-
Creates the user account named jforlenz
-
Enables the user account
-
Sets an secure SSH key for passwordless access
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org # scope device-profile
UCSC(policy-mgr) /org/device-profile # scope security
UCSC(policy-mgr) /org/device-profile/security # create local-user jforlenz
UCSC(policy-mgr) /org/device-profile/security/local-user* # set account-status active
UCSC(policy-mgr) /org/device-profile/security/local-user* # set sshkey
Enter lines one at a time. Enter ENDOFBUF to finish. Press ^C to abort.
User's SSH key:
> ---- BEGIN SSH2 PUBLIC KEY ----
>AAAAB3NzaC1yc2EAAAABIwAAAIEAuo9VQ2CmWBI9/S1f30klCWjnV3lgdXMzO0WUl5iPw8
>5lkdQqap+NFuNmHcb4KiaQB8X/PDdmtlxQQcawclj+k8f4VcOelBxlsGk5luq5ls1ob1VO
>IEwcKEL/h5lrdbNlI8y3SS9I/gGiBZ9ARlop9LDpDm8HPh2LOgyH7Ei1MI8=
> ---- END SSH2 PUBLIC KEY ----
> ENDOFBUF
UCSC(policy-mgr) /org/device-profile/security/local-user* # commit-buffer
UCSC(policy-mgr) /org/device-profile/security/local-user* #
Creating a Remote User Login Policy
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
Step 2 |
UCSC(policy-mgr)#scope org |
|
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
Step 4 |
UCSC(policy-mgr) /org/device-profile#scope security |
|
Step 5 |
UCSC(policy-mgr) /org/device-profile/security # scope auth-realm |
Enters authentication realm security mode. |
Step 6 |
UCSC(policy-mgr) /org/device-profile/security/auth-realm # set remote-user default-role {assign-default-role | no-login} |
Specifies whether user access to Cisco UCS Central is restricted based on user roles. |
Step 7 |
UCSC(policy-mgr) /org/device-profile/security/auth-realm* # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Sets the role policy for remote users
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org # scope device-profile
UCSC(policy-mgr) /org/device-profile # scope security
UCSC(policy-mgr) /org/device-profile/security # scope auth-realm
UCSC(policy-mgr) /org/device-profile/security/auth-realm # set remote-user default-role assign-default-role
UCSC(policy-mgr) /org/device-profile/security/auth-realm* # commit-buffer
UCSC(policy-mgr) /org/device-profile/security/auth-realm #
Creating a User Role
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
Step 2 |
UCSC(policy-mgr)#scope org |
|
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
Step 4 |
UCSC(policy-mgr) /org/device-profile#scope security |
|
Step 5 |
UCSC(policy-mgr) /org/device-profile/security # create role name |
Creates the user role and enters security role mode. |
Step 6 |
UCSC(policy-mgr) /org/device-profile/security/role* # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Scopes into the organization
-
Creates the service-profile security-admin role
-
Adds the service profile security to the role
-
Adds service profile security policy privileges to the role
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr) /org# scope device-profile
UCSC(policy-mgr) /org/device-profile # scope security
UCSC(policy-mgr) /org/device-profile/security # create role security-admin
UCSC(policy-mgr) /org/device-profile/security/role* # commit-buffer
Creating a User Locale
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
UCSC#connect policy-mgr |
Enters policy manager mode. |
Step 2 |
UCSC(policy-mgr)#scope org |
|
Step 3 |
UCSC(policy-mgr) /org#scope device-profile |
|
Step 4 |
UCSC(policy-mgr) /org/device-profile#scope security |
|
Step 5 |
UCSC(policy-mgr) /org/device-profile/security # create locale name |
Creates the user role and enters security role mode. |
Step 6 |
UCSC(policy-mgr) /org/device-profile/security/locale * # create org-ref org-ref-name orgdn orgdn-name |
References (binds) an organization to the locale. The org-ref-name argument is the name used to identify the organization reference, and the orgdn-name argument is the distinguished name of the organization referenced. |
Step 7 |
UCSC(policy-mgr) /org/device-profile/security/locale * # commit-buffer |
Commits the transaction to the system configuration. |
Example
-
Creates the finance organization for the western locale
-
Commits the transaction
UCSC # connect policy-mgr
UCSC(policy-mgr)# scope org
UCSC(policy-mgr) /org# scope device-profile
UCSC(policy-mgr) /org/device-profile # scope security
UCSC(policy-mgr) /org/device-profile/security # create locale western
UCSC(policy-mgr) /org/device-profile/security/locale* # create org-ref finance-ref orgdn finance
UCSC(policy-mgr) /org/device-profile/security/locale* # commit-buffer