You create a CLI device-access group for each group of managed devices that is configured with a different access protocol and/or different set of CLI login credentials. The assumption is that all devices that use a particular access protocol are configured with the same set of credentials (and timeout value). If there are two groups of devices that use a particular access protocol, each configured with its own set of credentials, you would create two CLI device-access groups for that particular access protocol. For example, you would create two CLI device-access groups named SSH2_S1 and SSH2_S2. The matching criteria for each of the groups would limit the group’s members to the appropriate devices.

Consult Default values for the CLI Access Settingand the IP Manager User Guideto create CLI device-access groups for the MPLS Topology Server.

Table 1. Default values for the CLI Access Setting

Parameter

Default value

Description

AccessProtocol

TELNET SSH1 SSH2

Default: TELNET

Determines the remote-access application to use to establish connections to the managed devices that belong to this group. Secure Shell 2 (SSH2) is recommended.

MPLS Managerincludes Telnet client software, and for installations on UNIX or Linux systems, also includes SSH client software.

Instructions for configuring an SSH client are given in Chapter 7, “Configuring SSH or Telnet Remote Access.”

LoginID

String of unspecified length

Default: null string (empty)

Specifies the username (user ID) for the managed devices that belong to this group.

You must enter a value for this parameter.

Password

A structure that has the following default value:

{NULL String,ENCRYPTED}

Specifies the user password for the managed devices that belong to this group.

If the managed devices that belong to this group are configured for passwordless authentication, or if the access protocol for this group is SSH1 or SSH2 and passwordless authentication is in effect, leave this parameter blank. Otherwise, enter the password twice to confirm the password value.

Note:

IP Availability Manageruses the site key to encrypt the entered password value. As explained in System Administration Guide, the site key is created during the installation of applications.

PrivilegedModePassword

A structure that has the following default value:

{NULL String,ENCRYPTED}

Specifies the Privileged-mode enable password for the managed devices that belong to this group.

For Privileged-mode access (not User-mode access), you must enter a value for this parameter. Enter the password twice to confirm the password value.

Note:

IP Availability Manageruses the site key to encrypt the entered password value.

Timeout

1 to 496 seconds

Default: 10 seconds

Sets the amount of time to wait for a Telnet/SSH response before the Telnet /SSH session request times out.

When you finish editing the properties of a CLI device-access group,

  1. Click the Applybutton to save the configuration changes to an existing group object or to a newly created group object in the repository of IP Availability Manager.

  2. Click the Reconfiguretoolbar button (

    When the reconfiguration completes, the MPLS Topology Serverimports the group object and saves the group object to its repository.

    The MPLS Topology Serversynchronizes its CLI-device-access group and group-related objects with the CLI-device-access group and group-related objects on IP Availability Manager.) to make the configuration changes take effect.