The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
User Session
|
Step 1 |
From the Navigation Pane, select . |
||||||||
|
Step 2 |
You can view the following properties:
|
|
Step 1 |
From the Navigation Pane, select . |
|
Step 2 |
To disconnect a session, click Disconnect corresponding to the session row you want to disconnect. |
LDAP Configuration
In the Cisco BMC, the SSH, Redfish, Webserver, and Host Console interfaces allow authentication against an LDAP directory. However, the IPMI interface cannot authenticate against LDAP, as it requires the password in clear text during session setup. PAM-based authentication is implemented, ensuring that the authentication flow is the same for both LDAP users and local users.
For LDAP user accounts, there is no LDAP attribute type corresponding to the Cisco BMC privilege roles. The preferred method is to group LDAP user accounts into LDAP groups. Privilege roles can then be assigned to the LDAP group using Redfish and the GUI.
|
Step 1 |
From the Navigation Pane, select . |
||||||||||||||||||||||
|
Step 2 |
Under LDAP authentication, update the following properties:
|
||||||||||||||||||||||
|
Step 3 |
Click Save settings. |
Group roles determine the first-level authorization for users, establishing whether access to the required interface is permitted. For example, a user should not be able to log in to SSH if they only belong to the webserver group and not to the SSH group. Having group roles within common user management allows different applications to create roles for each other. For instance, an administrative user can create a new user through the webserver, granting them the ability to log in to webserver, Redfish, IPMI, and other interfaces.
Ensure that LDAP authentication is enabled.
|
Step 1 |
From the Navigation Pane, select . |
||||||
|
Step 2 |
Click Add role group. |
||||||
|
Step 3 |
Update the following:
|
User Management
Cisco BMC provides a Web GUI to facilitate effective management of user accounts. This includes tasks such as defining user names, setting and modifying passwords, and configuring privilege levels and channel access. These settings are linked to individual user IDs and are stored as a structured array within the non-volatile storage framework associated with the management controller.
|
Step 1 |
From the Navigation Pane, select . |
||||||||||||
|
Step 2 |
Click Add user. Add user window is displayed. |
||||||||||||
|
Step 3 |
In the Add user window update the following properties:
|
||||||||||||
|
Step 4 |
Click Add user. |
|
Step 1 |
From the Navigation Pane, select . |
||||||||||||
|
Step 2 |
To edit a user, click the edit icon corresponding to the user row you want to edit. Edit user window is displayed. |
||||||||||||
|
Step 3 |
In the Edit user window update the following properties:
|
||||||||||||
|
Step 4 |
Click Save. |
|
Step 1 |
From the Navigation Pane, select . |
|
Step 2 |
To enable/disable a user, check the check box corresponding to the user row you want to enable/disable. When you check the check box, a new header row with additional options appears at the top of the table. |
|
Step 3 |
Click Enable/Disable. |
|
Step 1 |
From the Navigation Pane, select . |
||||||||
|
Step 2 |
Click Account policy settings. Account policy settings window is displayed. |
||||||||
|
Step 3 |
In the Account policy settings window update the following properties:
|
||||||||
|
Step 4 |
Click Save. |
You cannot delete a root user.
|
Step 1 |
From the Navigation Pane, select . |
|
Step 2 |
To delete a user, check the check box corresponding to the user row you want to delete. When you check the check box, a new header row with additional options appears at the top of the table. |
|
Step 3 |
Click Delete. |
Updating Policies
The BMC Health Monitor in Cisco BMC tracks and reports the health status of the BMC, providing real-time updates on its operational status. This feature monitors key indicators such as temperature, voltage, fan speed, and hardware health events. It assists administrators in ensuring the proper functioning of the BMC by offering necessary monitoring and alert mechanisms. By delivering comprehensive real-time health reports, it enables administrators to quickly identify and resolve issues, enhancing system maintenance and reliability.
|
Step 1 |
From the Navigation Pane, select . |
|
Step 2 |
Use the BMC Shell (via SSH) toggle button to enable or disable access to shell sessions through port 22 on the BMC. |
|
Step 1 |
From the Navigation Pane, select . |
|
Step 2 |
Use the Network IPMI (Out-of-Band IPMI) toggle button to enable or disable remote management via IPMI. |
Managing Certificates
Certificate management allows easy replacement of existing certificate and private key files with alternatives, which may be issued by a Certification Authority (CA). This feature enables you to deploy both server and client certificates seamlessly. Through the GUI, you can update certificates using unencrypted .pem-formatted certificate and private key files, integrating the private key with the corresponding signed certificate.
|
Step 1 |
From the Navigation Pane, select . |
||||||||||||
|
Step 2 |
Under Certificates, you can view the following properties:
|
|
Step 1 |
From the Navigation Pane, select . |
||||||
|
Step 2 |
Click Add new certificate. Add new certificate window is displayed. |
||||||
|
Step 3 |
In the Add new certificate window update the following properties:
|
||||||
|
Step 4 |
Click Add. |
|
Step 1 |
From the Navigation Pane, select . |
||||||
|
Step 2 |
To replace a certificate, click the replace icon corresponding to the row you want to replace. Replace certificate window is displayed. |
||||||
|
Step 3 |
In the Replace certificate window, update the following properties:.
|
||||||
|
Step 4 |
Click Replace. |
|
Step 1 |
From the Navigation Pane, select . |
|
Step 2 |
To delete a delete certificate, click the delete icon corresponding to the row you want to delete. |
|
Step 3 |
Click Delete to confirm. |
|
Step 1 |
From the Navigation Pane, select . |
||||||||||||||||||||||||
|
Step 2 |
Click Generate CSR. Generate a Certificate Signing Request (CSR) window is displayed. |
||||||||||||||||||||||||
|
Step 3 |
In the Generate a Certificate Signing Request (CSR) window update the following properties:
|
||||||||||||||||||||||||
|
Step 4 |
Click Generate CSR to create the Certificate Signing Request. |
Feedback