Running the export and import utility for device security profiles from the CLI

You can run the export and import commands in the CLI to export and import device security profiles to and from an XML file in TrueSight Network Automation.

Exporting device security profiles

To export device security profiles from TrueSight Network Automation, run the following command:

./export.sh -component DeviceSecurityProfiles -file filename.xml -password password -user username -url https://hostname:port

Example

./export.sh -component DeviceSecurityProfiles -file DeviceSecurityProfiles.xml -password sysadmin2 -user sysadmin -url https://vm-ub84-rds1296:8443

Note

The export command generates the XML where the passwords are always in encrypted format.

The status of import or export can be checked on CLI after the command is run completely.

Importing device security profiles

To import device security profiles into TrueSight Network Automation, run the following command:

./import.sh -user username -password password -url https://hostname:port filename.xml

Example

./import.sh -user sysadmin -password sysadmin2 -url https://vm-ub84-rds1296:8443 DeviceSecurityProfiles.xml

Following is a sample file containing multiple device security profiles, which you can import using CLI:

<?xml version="1.0" encoding="UTF-8"?>
<bbnaData>
<version>
    <build>125</build>
    <lastUpgrader>12</lastUpgrader>
    <maint>1</maint>
    <major>8</major>
    <minor>5</minor>
    <patch>0</patch>
</version>
<deviceSecurityProfile>
	<name>DSP_Avaya</name>
	<realm>Default</realm> 
	<loginUserName>root</loginUserName>   
	<loginPassword>
        <encryptedFlag>false</encryptedFlag>
        <value>loginpassword</value>
    </loginPassword>
	<priority>50</priority>    
	<managedByTerminalServer>false</managedByTerminalServer>
</deviceSecurityProfile>
<deviceSecurityProfile>
	<name>DSP_Nokia</name>    
    <realm>Legal Services</realm>
	<loginUserName>ena</loginUserName>	
	<loginPassword>
       	<encryptedFlag>true</encryptedFlag>
       	<value>4ae81a1cba6df53e5b788f9f526444c9</value>
	</loginPassword>
    <priority>20</priority>    
	<managedByTerminalServer>false</managedByTerminalServer>
</deviceSecurityProfile>
<deviceSecurityProfile>
    <name>DSP_vmware</name>
    <privilegedUserName>aus-clm-pod2-wt-vc\akank</privilegedUserName>
	<privilegedPassword>
		<encryptedFlag>false</encryptedFlag>
       	<value>password</value>
	</privilegedPassword>
	<priority>50</priority>    
	<managedByTerminalServer>true</managedByTerminalServer>
    <terminalServerType>0</terminalServerType>
    <terminalServerUserName>anake</terminalServerUserName>
	<terminalServerPassword>
		<encryptedFlag>true</encryptedFlag>
       	<value>4ae81a1cba6df53e5b788f9</value>
	</terminalServerPassword>
	<terminalServerPassphrase>
		<encryptedFlag>false</encryptedFlag>
      	<value>AdditionalSec</value>
	</terminalServerPassphrase>
</deviceSecurityProfile>
</bbnaData>

The sample file includes the following elements:

Element	Description
<deviceSecurityProfile>	(Required) This element can appear more than once. It acts as a container for all the elements that comprise a device security profile.
`<name>`	(Required) This element can appear only once. It specifies the name of a device security profile, upto 40 characters.
`<realm>`	(Optional) This element can appear only once. It specifies the realm to which you want the device security profile accessible. If the specified realm exists in the TrueSight Network Automation system, then only the device security profile is imported. Otherwise, TrueSight Network Automation fails to import such a device security profile. If you do not specify any realm, the device security profile is associated with the entire network and the device security profile is assigned to a device irrespective of which realm the device belongs to.
<loginUserName>	(Optional) This element can appear only once. It specifies the user name for the login session to be used by the TrueSight Network Automation system. This element is required when a device has RADIUS/TACACS+ enabled or uses local accounts.
<loginPassword>	(Optional) This element can appear only once. It specifies the login password for the login session. The password can appear in plain or encrypted text. To include password in plain text, set `encryptedFlag` to false and specify the plain text password in the `value` element. Otherwise, set `encryptedFlag` to true and specify an encrypted value in the `value` element.
`<privilegedUserName>`	(Optional) This element can appear only once. It specifies the user name for the privilege (enable) mode, as required.
`<privilegedPassword>`	(Optional) This element can appear only once. It specifies the password used when privilege (enable) mode is required to perform configuration file commands. The password can appear in plain or encrypted text. To include password in plain text, set `encryptedFlag` to false, otherwise set it to true.
`<priority>`	(Optional) This element can appear only once. When the device security profile in a Device record is set to Auto, this element indicates the priority (1 to 99) to try each device security profile until one works, after which the TrueSight Network Automation system uses the working device security profile unless reassigned. This solves the issue when you are unsure of the device credentials assigned to each device (for example, use multiple RADIUS/TACACS+ servers). Lower priority device security profiles are tried first. Device security profiles of the same priority are tried in random order. Device security profiles with priority 0 are not tried (that is, disabled). Default value of this element is 50.
<managedByTerminalServer>	(Optional) This element can appear only once. Set its value to true when the managed device is accessed by the TrueSight Network Automation system through a serial terminal server using tunneling. You must also assign the Host Name/IP Address field in the device record based on the value of `terminalServerType` (explained in the next item). Default value of this element is false.
<terminalServerType>	(Required when you set `managedByTerminalServer` to true) This element can appear only once. Valid values include: 0 (Default): Identifies a serial terminal server type. Specify this value if you want to manage device through a terminal server connected to the device's console port. 1: Identifies a custom connection proxy terminal server type. Specify this value if you want to manage a device for which Telnet or SSH connection is appropriate.
`<terminalServerUserName>`	(Optional) This element can appear only once. It specifies the login user name for the terminal server.
`<terminalServerPassword>`	(Optional) This element can appear only once. It specifies the login password for the terminal server. The password can appear in plain or encrypted text. To include password in plain text, set `encryptedFlag` to false and specify the plain text password in the `value` element. Otherwise, set `encryptedFlag` to true and specify an encrypted value in the `value` element.
`<terminalServerPassphrase>`	(Optional) This element can appear only once. It specifies the login passphrase for the terminal server. The password can appear in plain or encrypted text. To include password in plain text, set `encryptedFlag` to false and specify the plain text password in the `value` element. Otherwise, set `encryptedFlag` to true and specify an encrypted value in the `value` element.

Back to top

Running the export and import utility for device security profiles from the CLI

Exporting device security profiles

Importing device security profiles

Related topic

Comments