Network Management

  • 1.  Aruba switch (CX) integration with CyberArk

    Posted 16 days ago

    Hi

    We are using 2930F switches, and - maybe - in the future CX-based switches. We need to change the SSH management flow, so connection must be via CyberArk / PSM.
    With the out-of-the-box CyberArk implementation (i.e. Linux connector), it does not work. We see the "userid" is correctly sent to the switch, the password is retrieved from CyberArk, but the authentication finally fails. Direct connection - without PSM - works fine.

    Q: Does anyone have a working solution for integration between PSM & Aruba switches?



    ------------------------------
    Danny Bosman
    KBC Group - Belgium
    ------------------------------


  • 2.  RE: Aruba switch (CX) integration with CyberArk

    Posted 11 days ago

    What I see with most customers is that they use TACACS/RADIUS/RadSec for ssh access to the switches, and don't use local accounts on the switches. That provides a centralized audit trail, which is really hard to realize with local logins.

    Or is PSM RADIUS/TACACS based?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Aruba switch (CX) integration with CyberArk

    Posted 11 days ago

    PSM / CyberArk is just a vault where (admin) userid + credentials are stored. Via a specific login string in PuTTY, we are able to retrieve the admin user password. In the background, PSM will then start another ssh session and 'paste' the userid + password in the login sequence of the switch. It's this step that fails, probably because the password is not pasted in the correct place in ssh. The switch itself is indeed configured to use TACACS.

    Just checking if some airhead already did this implementation :) 



    ------------------------------
    Danny Bosman
    KBC Group - Belgium
    ------------------------------