Filter
Top Products
3-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 3 Managing the Device Inventory
Understanding the Device Inventory
• When you add a device manually or from network discovery. For more information, see these topics:
–
Adding Devices from the Network, page 3-11
–
Adding Devices by Manual Definition, page 3-25
• By editing the device properties. For more information, see Viewing or Changing Device Properties,
page 3-39.
You can provide the following device credentials:
• Primary Credentials—The username and password for logging into the device using SSH or Telnet.
This information is required for device communication.
• HTTP Credentials—Some devices allow HTTP or HTTPS connections, and some devices (such as
IPS devices) require it. By default, Security Manager uses the primary credentials for HTTP/HTTPS
access, but you can configure unique HTTP/HTTPS credentials.
• RX-Boot Mode—(Optional) Some Cisco routers are designed to run from flash memory where they
boot only from the first file in flash. This means that you must run an image other than the one in
flash to upgrade the flash image. That image is a reduced command-set image referred to as
RX-Boot (a ROM-based image).
• SNMP Credentials—(Optional) The Simple Network Management Protocol (SNMP) facilitates the
exchange of management information between network devices. SNMP enables network
administrators to manage network performance, find and solve network problems, and plan for
network growth.
Note PIX/ASA/FWSM devices require that user names be at least four characters. Passwords can be three to
32 characters; we recommend that passwords be at least eight characters.
Rather than using device-based credentials, you can configure Security Manager to use the credentials
you use when you log into Security Manager. You can then use the AAA server’s accounting facilities
to track configuration changes by user. Using user login credentials is suitable only if your environment
is configured according to these standards:
• You use TACACS+ or RADIUS for change auditing. User-login credentials will be reflected in these
accounting records. If you use device credentials, all changes made through Security Manager will
come from the same account, regardless of which user made the change.
• User accounts are configured in the AAA server, and they have appropriate device-level access to
perform configuration changes.
• You configure Security Manager and the managed devices to use the AAA server for authorization.
For information on configuring Security Manager to use AAA, see the Installation Guide for Cisco
Security Manager.
• You do not use one-time passwords.
If your network setup supports using user-login credentials, you can configure Security Manager to use
them by selecting Tools > Security Manager Administration. Select Device Communication from the
table of contents, and select Security Manager User Login Credentials in the Connect to Device
Using field. The default is to use device credentials for all device access.
Related Topics
• Device Credentials Page, page 3-44
• Adding Devices to the Device Inventory, page 3-6
• Device Communication Page, page 11-16