What I see with most customers is that they use TACACS/RADIUS/RadSec for ssh access to the switches, and don't use local accounts on the switches. That provides a centralized audit trail, which is really hard to realize with local logins.
Or is PSM RADIUS/TACACS based?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 22, 2024 04:36 AM
From: dannybosman
Subject: Aruba switch (CX) integration with CyberArk
Hi
we are using 2930F switches, and - maybe - in the future CX-based switches. We need to change the SSH management flow, so connection must be via CyberArk / PSM
With out-of-the box Cyberark implementation (i.e. Linux connector), it does not work. We see the "userid" is correctly sent to the switch, the pasword is retrieved from Cyberark, but the authenticaion finally fails. Direct connection - without PSM - works fine.
Q : is anyone having a working solution for integration between PSM & Aruba switches
------------------------------
Danny Bosman
KBC Group - Belgium
------------------------------