Targeting the Cisco Nexus system
For each Cisco Nexus system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems).
Type is Cisco Nexus networking equipment (SSH) .
Address uses options described in the table below.
The full list of target system parameters is explained in Target System Options .
Cisco Nexus (SSH) address configuration
Option | Description |
|---|---|
Options marked with a | |
Script file | Must be set to (key: script) |
Server | The IP address/domain name of the Cisco Nexus networking equipment (key: server) |
Target system’s internal hostname | This is the internally-defined host name that, along with the logged in user’s name, comprises the Cisco Nexus prompt. The script generates the expected prompt using this value, then uses the generated prompt to know when commands have completed. (key: name) |
Save target system configuration | Select this to commit changes made to this target to permanent storage on the router, otherwise it will be stored in memory. This is selected by default. (key: docommit) |
Enter administrative mode with ’login’ (otherwise ’enable’) | Select this to enter the administrative configuration mode with the login password, otherwise the system (enable) password will be used. (key: adminuser) |
User and password prompt expected (otherwise password) | Select this if the Cisco Nexus target expects a user and password prompt when connecting, otherwise only the password will be entered. This is selected by default. (key: connlogin) |
Advanced | |
Port | TCP Port number. Default is 22. (key: port) |
Compression | Select to enable data compression for SSH connections. Default is false. (key: compression) |
Action for host keys | Select DenyUnmatch (default) or AllowAppend. For new targets, AllowAppend is recommended. DenyUnmatch only connects to SSH hosts whose public host keys have been previously recorded and have not been changed. It will reject SSH hosts whose keys have not been previously recorded or were previously recorded but have changed. AllowAppend connects to SSH hosts whose public host keys have been previously recorded and have not been changed, and to SSH hosts whose keys have not been previously recorded. It will reject SSH hosts whose keys were previously recorded but have changed. (key: hostkeys) |
Host keys file | Specify the name of the public host key file. It must be located in the \<instance>\script\ directory. (key: file) |
Authentication key file | This is a generic SSH target field that is ignored for Cisco Nexus target systems. Login must be done with username and password. |
Timeout for connection | Amount of time the connector will wait for a response. (key: timeout) |
Enable SSH v1? | To enable SSH connection via SSH protocol version 1. (key: enable_ssh_1) |
Setting up a target system administrator
Bravura Security Fabric requires two administrative credentials on Cisco Nexus to perform Bravura Security Fabric operations. This includes credentials to connect to the Cisco Nexus router, as well as a system (enable) password for elevated privileges.
System passwords do not have an administrator ID, however when defining the credentials for the Cisco Nexus target, an administrator ID is required. You can specify an arbitrary value for the administrator ID as this will not be validated. You must also ensure that this credential is identified as a System password .