This topic describes how to add a device security profile.
Enter information into the fields as described below:
Specify a unique name, up to 40 characters, for the device security profile. For example, IOS-account.
This field is required when you are managing multiple realms. Select a realm to make the DSP accessible to a single realm. Select Entire Network if you want to be able to assign the DSP to a device irrespective of which realm the device belongs to.
The Entire Network option appears only for users who have the Full Rights network right. Only users with the Full Rights network right can manage (edit, copy, and delete) a DSP assigned to the entire network. All users can select such a DSP when editing a device.
Login User Name
(Optional) Specify the user name for the login session to be used by the BMC Network Automation system. This field is required when a device has RADIUS/TACACS+ enabled or uses local accounts.
Login Password
(Optional) Specify the login password for the login session.
Privileged User Name
(Optional) Specify the user name for the privilege (enable) mode, as required (see Special instructions for security profiles of specific devices).
Privileged Password
(Optional) This password is used when privilege (enable) mode is required to perform configuration file commands. See Special instructions for security profiles of specific devices for a list of device types requiring a privileged password.
Note: The case sensitivity for the Login User Name, Login Password, Privileged User Name, and Privileged Password fields is device-dependent.
When the DSP in a Device record is set to Auto, this value (1 to 99) sets the order in which each DSP is tried until one works, after which the BMC Network Automation system uses the working DSP unless reassigned. This helps when you are unsure of the credentials assigned to each device (for example, when you use multiple RADIUS/TACACS+ servers). DSPs with a lower priority number are tried first. DSPs of the same priority are tried in random order. DSPs with priority 0 are disabled and are not tried.
Managed by Terminal Server
(Optional) Select when the managed device is accessed by the BMC Network Automation system through a serial terminal server using tunneling. You must also correctly assign the Host Name/IP Address field in the device record based on the Terminal Server Type, as documented under the tunneling description.
Terminal Server Type
(Required when Managed by Terminal Server is selected) Select Serial Terminal Server to manage a device through a terminal server connected to the device's console port. Select Telnet/SSH Connection Proxy to manage a device for which Telnet or SSH is appropriate.
Terminal Server User Name
(Optional) Specify the login user name for the terminal server.
Terminal Server Password
(Optional) Specify the login password for the terminal server.
Terminal Server Passphrase
(Optional) Specify the login passphrase for the terminal server.
BMC Network Automation uses only a device's required credentials. Therefore, you can share credentials between device types. For example, if one device requires a privileged password, but another device type does not, you can use the same DSP if all other credentials are the same between device types.
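The Auto priority rules and the credential sharing described above can be modelled together. This is an added sketch, not BMC Network Automation code; the `DSP` class, the `device()` stand-in, and all profile names and secrets are constructed assumptions.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class DSP:                      # hypothetical model of a device security profile
    name: str
    priority: int               # 1-99 = tried in Auto mode, 0 = disabled
    login_user: str = ""
    login_password: str = ""
    privileged_password: str = ""

def auto_order(dsps, rng=random):
    """Order in which Auto mode would try the profiles."""
    buckets = {}
    for dsp in dsps:
        if not 0 <= dsp.priority <= 99:
            raise ValueError(f"{dsp.name}: priority must be 0-99")
        if dsp.priority:        # priority 0 is never tried
            buckets.setdefault(dsp.priority, []).append(dsp)
    order = []
    for prio in sorted(buckets):            # lower number first
        group = list(buckets[prio])
        rng.shuffle(group)                  # equal priority: random order
        order.extend(group)
    return order

def resolve_auto(dsps, try_login, rng=random):
    """Try profiles until one works; return (working DSP or None, names tried)."""
    tried = []
    for dsp in auto_order(dsps, rng):
        tried.append(dsp.name)              # one login attempt on the device
        if try_login(dsp):
            return dsp, tried
    return None, tried

def device(**required):
    """Constructed stand-in for a device that checks only the credentials it requires."""
    return lambda dsp: all(getattr(dsp, k) == v for k, v in required.items())

# Constructed sample profiles; all names and secrets are placeholders.
PROFILES = [
    DSP("lab-disabled", 0, "admin", "pw-lab", "en-lab"),
    DSP("tacacs-east", 10, "netops", "pw-east", "en-east"),
    DSP("tacacs-west", 10, "netops", "pw-west", "en-west"),
    DSP("local-fallback", 50, "admin", "pw-local"),
]
```

A device built with `device(login_user="netops", login_password="pw-west")` and one that also requires `privileged_password="en-west"` both resolve to `tacacs-west`, which is the credential sharing case: the first device never checks the privileged password.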
The following table provides special instructions for configuring the BMC Network Automation privileged account based on device type:
Special configuration of a privileged account on device
set admin user username password password privilege all
Check Point Nokia Firewall
Set the Privileged Password to the device's admin password.