What is NFM-P NE security?
Access management
CAUTION Service Disruption |
The NFM-P cannot obtain a secret value from an NE during resynchronization. It is recommended that you use only the NFM-P to configure a shared authentication secret.
Do not configure a shared authentication secret directly on a managed NE using another interface, for example, a CLI, or the NFM-P cannot synchronize the security policy with the NE.
You can use the NFM-P to configure security for managed-device access that includes the following:
General rules
An NFM-P site user profile specifies which CLI commands or command groups are permitted or denied on a managed device. A profile can be associated with multiple NFM-P user accounts, and each user account can have up to eight associated profiles.
The following general rules apply to NFM-P security management for devices.
-
The authentication settings on a device override any settings distributed by the NFM-P. For example, if you use the NFM-P to configure a user account with SHA authentication, and then distribute the account to a device that uses MD5 authentication, the account authentication type changes to MD5.
-
MAFs and CPM filters must be manually distributed to a managed device.
-
An operator can limit the type of managed device access per user, for example, allowing FTP access, but denying console, Telnet, and SNMP access.
-
A user profile is independent of a user account, and is not in effect until associated with a user account.