I would like to add my cisco 3750 L3 switches to airwave for management. Because I am just learning about the capabilities of airwave I would like to make sure that airwave ONLY has read only access to those switches.
I know that in airwave you just set the device managment to Monitor Only. I would like to take the extra step of making sure that the telnet/ssh cisco username is read only as well. That way no one can accidentally set airwave to manage and destory our configs. This way we would need to change the cisco username information as well as the airwave managment setting before airwave can write to the switches.
I just can't seem to find the right information on how to make it possible. I know cisco uses a numbering system to define security access (1 - 15). However, I don't know:
a) What command airwave uses when monitoing the system
b) How to make sure that a read only user could still view the running config in cisco
Any help would be appreciated :)
Only put in a valid snmp read string, and you should be fine.
I did that however, it can't pull the config to evaluate it. In looking at the logs it is wanting a telnet/ssh credential.
You should setup your users in Airwave so that specific users only have the read-only monitoring and auditing role.
Yes, you need to put in valid telnet/SSH credentials. Your other users would simply not be able to change the config...or put the device in manage mode.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.