Device Login credentials

bartman

I am a tad bit confused and am seeking clarification.  Understanding that Cirrus can leverage Active Directory for user account authentication and password management, what does this mean?  I am familiar with TACACS.  Does this work similarly?  Given a scenerio where I want to have different passwords on my Cisco devices, how do I manage this with Cirrus?  For example, certain devices tier 2 and 3 should have access, however certain devices only tier 3 should have access.

chris.lapoint

Understanding that Cirrus can leverage Active Directory for user account authentication and password management, what does this mean?

This means that Cirrus will leverage the AD credentials of the user logged into the server to authenticate to the Cirrus console.   Cirrus simply leverages the token created by a Windows authentication to the server, enabling pass-through authentication to Cirrus console.  

a scenerio where I want to have different passwords on my Cisco devices, how do I manage this with Cirrus?

1. Go to File > Manage Users.   
2. Add Windows domain accounts for your tier 1, tier 2, and tier 3 users.    
3. Change Device Connectivity method to allow device login credentials to be attached to each Cirrus account.  Enter appropriate Cisco device login credentials for your tier 1, 2, 3 users respectively.
4. Go to your Cisco devices and change Login Type = User.  This tells Cirrus to leverage the device login credentials attached the logged in Cirrus user.
5. Now, when a tier 1 user logs into Cirrus, their tier 1 device login credentials will be used to authenticate to each device when performing configuration management operations.   If their tier 1 device login credentials don't allow them to perform operations on the device, Cirrus will do nothing to override this and will respect device security.

HTH.  Let me know if you have any further questions.