Managing Your Device Credentials

 
Updated August 14, 2025
PDF
Is this helpful? Feedback

New and Changed Information

The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.

Release Version Feature Description

Nexus Dashboard 4.2.1

There were no major changes from the previous release.

Managing your device credentials

While changing the device configuration, Nexus Dashboard uses the device credentials provided by you. However, if you do not provide the LAN switch credentials, Nexus Dashboard prompts you to open the Manage > Device Credentials page to configure the LAN credentials.

Nexus Dashboard uses two sets of credentials to connect to the LAN devices:

  • Discovery Credentials

    Nexus Dashboard uses these credentials during discovery and periodic polling of the devices.

    Nexus Dashboard uses discovery credentials with SSH and SNMPv3 to discover the hardware or software inventory from the switches. You can discover one inventory per switch. These discovery credentials are read-only and you cannot make configuration changes on the switches.

  • Configuration Change Credentials

    Nexus Dashboard uses these credentials when a user changes the device configuration.

LAN Credentials

You can use the write option on the LAN credentials page to do configuration changes on the switch. One credential is allowed per user for a single switch. A user role must access Nexus Dashboard to use the write option for the switches to push configurations on it through an SSH connection.

For a user role created on NX-OS switches, an SNMPv3 user is created with the same password. Ensure that the SSH and SNMPv3 credentials match for the discovery of the credentials. If SNMP authentication fails, discovery of credentials stops displaying an error message. If SNMP authentication succeeds and SSH authentication fails, discovery of credentials continues, and the switch status displays a warning message for the SSH error.

If the user role created on the NX-OS switches uses AAA authentication, the SNMPv3 user is not created. Using this AAA authentication to discover or import a switch in Nexus Dashboard, the controller detects that the local SNMPv3 user is not created on the switch. Nexus Dashboard runs the exec command on the switch to create an SNMPv3 user with the same password on the switch. The SNMPv3 user role is temporary. Once the user role expires, the continual discovery of switches from Nexus Dashboard creates the SNMPv3 user.

LAN credentials management allows you to specify configuration-change credentials. Before changing any LAN switch configuration, you must enter the LAN credentials for the switch. If you do not provide the credentials, the configuration change action is rejected.

These features get the device-write credentials from the LAN credentials feature.

  • Upgrade (ISSU)

  • Maintenance mode (GIR)

  • Patch (SMU)

  • Template deployment

  • POAP-write erase reload, rollback

  • Interface creation, deletion, or configuration

  • VLAN creation, deletion, or configuration

  • VPC wizard

You must specify the configuration-change credentials irrespective of whether the devices were discovered initially or not. This is a one-time operation. After the credentials are set, the credentials are used for any configuration-change operation.

Default Credentials

You use default credentials to connect all the devices that the user has access to. You can override the default credentials by specifying credentials for each of the devices in the Devices table.

Nexus Dashboard tries to use individual switch credentials in the devices, to begin with. If the credentials (username/password) columns are empty in the devices, the default credentials are used.

Robot Credentials

When you specify default credentials, you can enable the robot feature, enabling the robot flag.

The robot user role helps with switch and device accounting. You can track all the changes done on Nexus Dashboard with a general user account. If the user role changes on Nexus Dashboard that impacts the change on the device, this is termed an out-of-band change.

These changes are logged on the device as the changes made by a general user account. Therefore, you can track and distinguish between out-of-band changes and changes made on the device. This general user account is termed as a robot user role for the changes logged on the device.

For example, a user role of network-admin on Nexus Dashboard has access to enter LAN device credentials to push configurations on the switches. With the network-admin user role, you can check the robot flag while creating the LAN credentials.

The username for the LAN credentials is displayed as a change logged on the device. If a username for the LAN credentials is changed to a controller and the robot flag is checked, the credentials for the device changes from default to robot.

This user role pushes configurations on the switches in Nexus Dashboard. These changes are logged in the History tab of the fabric as the changes made by the network-admin user role. The account log on the switch displays as the controller. The appropriate user-role details are logged on Nexus Dashboard and the device.

In Nexus Dashboard, the robot user role is considered the admin role for all the fabrics and the devices. If the default credential is not set on a fabric, you can use the robot user role, if it is set for different devices.

If another user role with write access logs in to Nexus Dashboard, this user role is not prompted to update the credentials as the robot user role is already set. The credentials are set in the following order: individual switch, robot, and then the default credentials.

In the LAN Credentials Management page, you can choose to either use default credentials or robot credentials while changing device configurations, unless you set custom credentials.

To set the default credentials:

  1. Navigate to the LAN Credentials Management page:

    Manage > Device Credentials

  2. In the Default Credentials area, determine that status of the default credentials.

    • Not Set: The default credentials have not been set yet.

    • Default Set: The default credentials are being used when changing the device configuration, unless custom credentials are set for the devices in the table.

    • Robot Set: Robot credentials are being used when changing the device configuration, unless custom credentials are set for the devices in the table.

  3. Change the default credentials, if necessary.

    1. In the Default Credentials area, click Set.

      The Set Default Credentials dialog box appears.

      You will see two tabs: Local and Credential Store.

      note.svg

      You will see the Credential Store tab only if you configured system certificate and mapped to CyberArk feature. For more information on CA certificates and credential store, see Managing Certificates in your Nexus Dashboard and Configuring Users and Security.

    2. If you haven’t configured credential store, in the Local tab, enter the necessary username and password information.

    3. If you have configured credential store, in the Credential Store tab, enter the credential store key.

    4. Choose the Robot checkbox to set the robot credentials.

      note.svg

      If you enable the Enable AAA passthrough of device credentials feature under Admin > System Settings > Fabric Management > Management, then you cannot set the robot flag.

    5. Click Save.

      The status of the default credentials changes based on your selection.

  4. To clear the default device credentials, click Clear.

    A confirmation message appears. Click Clear Credentials to clear the default device credentials.

To edit the credentials for a specific device:

  1. Choose the required Device Name and click Actions > Edit.

    The Edit Credentials dialog box appears.

  2. Enter the necessary username and password information, then click Save.

Switch Table

The Devices table lists all the LAN switches that the user has access to. You can specify the switch credentials individually, which will override the default credentials. In most cases, you need to provide only the default credentials.

The LAN credentials for the Nexus Dashboard Devices table has the following fields.

Field

Description

Device Name

Displays the switch name.

IP Address

Specifies the IP address of the switch.

Credentials

Specifies whether the default or switch-specific custom credentials are used.

Username

Specifies the username that Nexus Dashboard uses to login.

Fabric

Displays the fabric to which the switch belongs.

The following table describes the action items, in the Actions menu drop-down list, that appear on the LAN Credentials Management page.

Action Item

Description

Edit

Choose a device name and click Edit. Specify a username and password. You can edit local or custom- specific credentials.

Clear

Choose a device name and click Clear. A confirmation dialog box appears. Click Yes to clear the switch credentials from the Nexus Dashboard server.

Validate

Choose a device name and click Validate. A confirmation message appears, indicating if the operation was successful or a failure.

Copyright

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2017-2026 Cisco Systems, Inc. All rights reserved.

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
https://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Need help?