HPE Community
Switches, Hubs, and Modems
1752777 Members
6069 Online
108789 Solutions
New Discussion юеВ

Re: PCM+ and local password on switches?

 
Magnus Tengmo
Advisor

тАО02-02-2009 10:53 PM

тАО02-02-2009 10:53 PM

PCM+ and local password on switches?

Hi!

Do I need to have same password on all switches to get PCM+ to work with software updates?
What is best practise on local passwords on switches?
Today we have different password on all switches.

Best Regards, Magnus
0 Kudos
3 REPLIES 3
Jeff Carrell
Honored Contributor

тАО02-02-2009 11:57 PM

тАО02-02-2009 11:57 PM

Re: PCM+ and local password on switches?

yes, all switches must have the same local uid/pw for PCM+ to access them...

imho, best practice is to _not_ use local uid/pw for day-to-day mgmt access, whether it be PCM+ or someone on the network team...

configure external authentication to a radius server, and have a PCM+ uid/pw and individuals on the network team their own uid/pw configured in the radius server (or user database if not in radius)...that way when you need to make a change or lock someone out, you only have one place to make said change...

the switches local uid/pw should only be known to the senior network engr (who does not use it unless dire emergency), and sealed in an envelope and handed to a level of mgmt 2+ above in the company, with explicit instructions to not divulge unless the one who knows it leaves the company...

hth...jeff
0 Kudos
Magnus Tengmo
Advisor

тАО02-03-2009 04:00 AM

тАО02-03-2009 04:00 AM

Re: PCM+ and local password on switches?

Is it possible to use radius login with PCM+ ?
I have setup AD-login, but can├В┬┤t login with local password anymore?

Best Regards, Magnus
0 Kudos
Magnus Tengmo
Advisor

тАО02-03-2009 04:20 AM

тАО02-03-2009 04:20 AM

Re: PCM+ and local password on switches?

Now I understand, secondary login is only possibly if radius-server is down.

s1p1# show authentication

Status and Counters - Authentication Information

Login Attempts : 3
Respect Privilege : Disabled

| Login Login Enable Enable
Access Task | Primary Secondary Primary Secondary
----------- + ---------- ---------- ---------- ----------
Console | Local None Local None
Telnet | Radius Local Radius Local
Port-Access | Local
Webui | Local None Local None
SSH | Local None Local None
Web-Auth | ChapRadius
MAC-Auth | ChapRadius


/Magnus
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.