PAM Support for "line vty" password on Cisco routers and bridges

Article ID: 138556

Updated On:

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Can CA PAM manage the "line vty" password on Cisco routers and bridges?

When this feature is configured on Cisco routers and bridges, the user connects to the device and is prompted for the "line vty" password without having to provide a user ID. How can CA PAM manage this credential?

Environment

Release : 3.1.1

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

Not Applicable. 

Resolution

This request concerns Credential Management rather than Device Access through PAM. See http://router.over-blog.com/article-how-to-configure-cisco-router-password-106850439.html, which describes changing the line vty password by logging in as a user and then running the following commands:

=======================
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#
=======================


This is not possible out of the box, but it should be possible with a custom script. For example, one could add a check on the target account name, and a convention for the Target Account Name would have to be instated, say "vty-X-Y". When the script sees an account name starting with "vty-", it can execute the above sequence of commands.


Such a script would have to be customized, and the Broadcom Services team should be able to help.
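
The account-name check described above, as an added example (not Broadcom or CA PAM code, and not using any PAM connector API). It assumes X and Y in "vty-X-Y" are the first and last vty line numbers; the function names and the password character restrictions are choices made for this example. It only builds the command list and leaves sending it to the device, including any enable prompt, to the surrounding script.

```python
import re

# Assumed convention: "vty-X-Y", X = first vty line, Y = last vty line.
VTY_ACCOUNT = re.compile(r"vty-([0-9]{1,3})-([0-9]{1,3})")


def parse_vty_account(name):
    """Return (first, last) for a vty-X-Y account, or None for any other account."""
    if not name.startswith("vty-"):
        return None  # ordinary account: let the normal update logic handle it
    match = VTY_ACCOUNT.fullmatch(name)
    if match is None:
        # Starts with "vty-" but carries extra text; never pass it to the CLI.
        raise ValueError("malformed vty account name: %r" % name)
    first, last = int(match.group(1)), int(match.group(2))
    if first > last:
        raise ValueError("vty range is reversed: %r" % name)
    return first, last


def check_password(password):
    """Reject values that would change the meaning of the 'password' CLI line."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        # Whitespace or control characters could split or extend the command;
        # '?' invokes context help in an interactive IOS session.
        if ch.isspace() or not ch.isprintable() or ch == "?":
            raise ValueError("password contains a character unsafe for the CLI")
    return password


def build_vty_commands(account_name, new_password):
    """Return the command sequence from the article, or None if not a vty account."""
    line_range = parse_vty_account(account_name)
    if line_range is None:
        return None
    first, last = line_range
    password = check_password(new_password)
    return [
        "enable",
        "configure terminal",
        "line vty %d %d" % (first, last),
        "password %s" % password,
        "login",
    ]
```
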


Additional Information

None.