Running the export and import utility for device security profiles from the CLI
You can run the export and import commands in the CLI to export and import device security profiles to and from an XML file in TrueSight Network Automation.
Exporting device security profiles
To export device security profiles from TrueSight Network Automation, run the following command:
./export.sh -component DeviceSecurityProfiles -file filename.xml -password password -user username -url https://hostname:port
Example
./export.sh -component DeviceSecurityProfiles -file DeviceSecurityProfiles.xml -password sysadmin2 -user sysadmin -url https://vm-ub84-rds1296:8443
Note
The export command generates XML in which the passwords are always in encrypted format.
You can check the status of the import or export in the CLI after the command has finished running.
Importing device security profiles
To import device security profiles into TrueSight Network Automation, run the following command:
./import.sh -user username -password password -url https://hostname:port filename.xml
Example
./import.sh -user sysadmin -password sysadmin2 -url https://vm-ub84-rds1296:8443 DeviceSecurityProfiles.xml
Following is a sample file containing multiple device security profiles, which you can import using CLI:
<?xml version="1.0" encoding="UTF-8"?>
<bbnaData>
  <version>
    <build>125</build>
    <lastUpgrader>12</lastUpgrader>
    <maint>1</maint>
    <major>8</major>
    <minor>5</minor>
    <patch>0</patch>
  </version>
  <deviceSecurityProfile>
    <name>DSP_Avaya</name>
    <realm>Default</realm>
    <loginUserName>root</loginUserName>
    <loginPassword>
      <encryptedFlag>false</encryptedFlag>
      <value>loginpassword</value>
    </loginPassword>
    <priority>50</priority>
    <managedByTerminalServer>false</managedByTerminalServer>
  </deviceSecurityProfile>
  <deviceSecurityProfile>
    <name>DSP_Nokia</name>
    <realm>Legal Services</realm>
    <loginUserName>ena</loginUserName>
    <loginPassword>
      <encryptedFlag>true</encryptedFlag>
      <value>4ae81a1cba6df53e5b788f9f526444c9</value>
    </loginPassword>
    <priority>20</priority>
    <managedByTerminalServer>false</managedByTerminalServer>
  </deviceSecurityProfile>
  <deviceSecurityProfile>
    <name>DSP_vmware</name>
    <privilegedUserName>aus-clm-pod2-wt-vc\akank</privilegedUserName>
    <privilegedPassword>
      <encryptedFlag>false</encryptedFlag>
      <value>password</value>
    </privilegedPassword>
    <priority>50</priority>
    <managedByTerminalServer>true</managedByTerminalServer>
    <terminalServerType>0</terminalServerType>
    <terminalServerUserName>anake</terminalServerUserName>
    <terminalServerPassword>
      <encryptedFlag>true</encryptedFlag>
      <value>4ae81a1cba6df53e5b788f9</value>
    </terminalServerPassword>
    <terminalServerPassphrase>
      <encryptedFlag>false</encryptedFlag>
      <value>AdditionalSec</value>
    </terminalServerPassphrase>
  </deviceSecurityProfile>
</bbnaData>
The sample file includes the following elements:
Element | Description |
---|---|
<deviceSecurityProfile> | (Required) This element can appear more than once. It acts as a container for all the elements that comprise a device security profile. |
<name> | (Required) This element can appear only once. It specifies the name of a device security profile, up to 40 characters. |
<realm> | (Optional) This element can appear only once. It specifies the realm in which you want the device security profile to be accessible. The device security profile is imported only if the specified realm exists in the TrueSight Network Automation system; otherwise, TrueSight Network Automation fails to import that device security profile. If you do not specify a realm, the device security profile is associated with the entire network and is assigned to a device irrespective of the realm to which the device belongs. |
<loginUserName> | (Optional) This element can appear only once. It specifies the user name for the login session to be used by the TrueSight Network Automation system. This element is required when a device has RADIUS/TACACS+ enabled or uses local accounts. |
<loginPassword> | (Optional) This element can appear only once. It specifies the login password for the login session. The password can appear in plain or encrypted text. To include the password in plain text, set encryptedFlag to false and specify the plain text password in the value element. Otherwise, set encryptedFlag to true and specify an encrypted value in the value element. |
<privilegedUserName> | (Optional) This element can appear only once. It specifies the user name for the privilege (enable) mode, as required. |
<privilegedPassword> | (Optional) This element can appear only once. It specifies the password used when privilege (enable) mode is required to perform configuration file commands. The password can appear in plain or encrypted text. To include the password in plain text, set encryptedFlag to false; otherwise, set it to true. |
<priority> | (Optional) This element can appear only once. When the device security profile in a Device record is set to Auto, this element indicates the priority (1 to 99) in which each device security profile is tried until one works, after which the TrueSight Network Automation system uses the working device security profile unless reassigned. This helps when you are unsure of the device credentials assigned to each device (for example, when you use multiple RADIUS/TACACS+ servers). Lower priority device security profiles are tried first. Device security profiles of the same priority are tried in random order. Device security profiles with priority 0 are not tried (that is, they are disabled). The default value of this element is 50. |
<managedByTerminalServer> | (Optional) This element can appear only once. Set its value to true when the managed device is accessed by the TrueSight Network Automation system through a serial terminal server using tunneling. You must also assign the Host Name/IP Address field in the device record based on the value of |
<terminalServerType> | (Required when you set
|
<terminalServerUserName> | (Optional) This element can appear only once. It specifies the login user name for the terminal server. |
<terminalServerPassword> | (Optional) This element can appear only once. It specifies the login password for the terminal server. The password can appear in plain or encrypted text. To include the password in plain text, set encryptedFlag to false and specify the plain text password in the value element. Otherwise, set encryptedFlag to true and specify an encrypted value in the value element. |
<terminalServerPassphrase> | (Optional) This element can appear only once. It specifies the login passphrase for the terminal server. The password can appear in plain or encrypted text. To include the password in plain text, set encryptedFlag to false and specify the plain text password in the value element. Otherwise, set encryptedFlag to true and specify an encrypted value in the value element. |
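
The following check is an added example, not part of TrueSight Network Automation or its documentation. It reads a hand-written import file before you run import.sh and reports every credential element whose encryptedFlag is not true, together with names and priorities that fall outside the limits in the table above. The function name audit_profiles and the sample data are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Credential containers described in the element table above.
SECRET_ELEMENTS = ("loginPassword", "privilegedPassword",
                   "terminalServerPassword", "terminalServerPassphrase")

def audit_profiles(xml_text):
    """Return (profile, element, issue) tuples for an import file (hypothetical helper)."""
    findings = []
    root = ET.fromstring(xml_text)
    for prof in root.iter("deviceSecurityProfile"):
        name = (prof.findtext("name") or "").strip()
        label = name or "<unnamed>"
        if not name:
            findings.append((label, "name", "missing required element"))
        elif len(name) > 40:
            findings.append((label, "name", "longer than 40 characters"))
        # A secret counts as plain text unless encryptedFlag is exactly "true".
        for tag in SECRET_ELEMENTS:
            for secret in prof.findall(tag):
                flag = (secret.findtext("encryptedFlag") or "").strip().lower()
                if flag != "true":
                    findings.append((label, tag, "plain-text secret"))
        # The table gives 50 as the default and 0 as "disabled".
        prio = (prof.findtext("priority") or "50").strip()
        if not prio.isdigit() or int(prio) > 99:
            findings.append((label, "priority", "outside 0-99"))
        elif int(prio) == 0:
            findings.append((label, "priority", "profile disabled (0)"))
    return findings

# Constructed sample, modelled on the file shown above (values are made up).
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<bbnaData>
  <deviceSecurityProfile>
    <name>DSP_A</name>
    <loginPassword><encryptedFlag>false</encryptedFlag><value>example</value></loginPassword>
    <priority>50</priority>
  </deviceSecurityProfile>
  <deviceSecurityProfile>
    <name>DSP_B</name>
    <loginPassword><encryptedFlag>true</encryptedFlag><value>00ff</value></loginPassword>
    <priority>0</priority>
  </deviceSecurityProfile>
</bbnaData>"""

if __name__ == "__main__":
    for finding in audit_profiles(SAMPLE):
        print("%s: <%s> %s" % finding)
```

A file that produces "plain-text secret" findings holds usable device credentials and should be protected and removed accordingly once the import has completed.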