You create a CLI device-access group for each group of managed devices that is configured with a different access protocol and/or different set of CLI login credentials. The assumption is that all devices that use a particular access protocol are configured with the same set of credentials (and timeout value). If there are two groups of devices that use a particular access protocol, each configured with its own set of credentials, you would create two CLI device-access groups for that particular access protocol. For example, you would create two CLI device-access groups named SSH2_S1 and SSH2_S2. The matching criteria for each of the groups would limit the group’s members to the appropriate devices.

Table 1. Default values for the CLI Access Setting

Parameter

Default value

Description

AccessProtocol

TELNETSSH1SSH2

Default: TELNET

Determines the remote-access application to use to establish connections to the managed devices that belong to this group. Secure Shell 2 (SSH2) is recommended.

The Network Protocol Management Suite includes Telnet client software.

Instructions for configuring an SSH client are given in Chapter 8, “Configuring SSH Security.”

LoginID

String of unspecified length

Default: null string (empty)

Specifies the username (user ID) for the managed devices that belong to this group.

You must enter a value for this parameter.

Password

A structure that has the following default value:

{NULL String,ENCRYPTED}

Specifies the user password for the managed devices that belong to this group.

If the managed devices that belong to this group are configured for passwordless authentication, or if the access protocol for this group is SSH1 or SSH2 and passwordless authentication is in effect, leave this parameter blank. Otherwise, enter the password twice to confirm the password value.

Note:

IP Availability Manager uses the site key to encrypt the entered password value. As explained in VMware Smart Assurance System Administration Guide, the site key is created during the installation of VMware Smart Assurance applications.

PrivilegedModePassword

A structure that has the following default value:

{NULL String,ENCRYPTED}

Specifies the Privileged-mode enable password for the managed devices that belong to this group.

For Privileged-mode access (not User-mode access), and assuming that the ProhibitPrivLevelCLILogon parameter in the eigrp.conf file (GUID-5FBCF605-A431-484A-B4F6-FBC6F87865D5.html#GUID-5FBCF605-A431-484A-B4F6-FBC6F87865D5___NPM_CONFIG_NPM_29353) or the isis.conf file (GUID-5FBCF605-A431-484A-B4F6-FBC6F87865D5.html#GUID-5FBCF605-A431-484A-B4F6-FBC6F87865D5___NPM_CONFIG_NPM_49456) is FALSE (default), you must enter a value for this parameter. Enter the password twice to confirm the password value.

Note:

IP Availability Manager uses the site key to encrypt the entered password value. As explained in VMware Smart Assurance System Administration Guide, the site key is created during the installation of VMware Smart Assurance applications.

Timeout

1 to 496 seconds

Default: 10 seconds

Sets the amount of time to wait for a Telnet/SSH response before the Telnet /SSH session request times out.