Discovery credentials are the CLI, SNMPv2c, SNMPv3, HTTP(S), and NETCONF configuration values for the devices that you want
to discover. You must specify the credentials based on the types of devices you are trying to discover:
-
Network devices: CLI and SNMP credentials.
Note
|
For NETCONF-enabled devices such as embedded wireless controllers, you must specify SSH credentials with admin privilege and
select the NETCONF port.
|
-
Compute devices (NFVIS): CLI, SNMP, and HTTP(S) credentials.
Because the various devices in a network can have different sets of credentials, you can configure multiple sets of credentials
in Cisco DNA Center. The discovery process iterates through all sets of credentials that are configured for the Discovery job until it finds
a set that works for the device.
If you use the same credential values for the majority of devices in your network, you can configure and save them to reuse
in multiple Discovery jobs. To discover devices with unique credentials, you can add job-specific Discovery credentials when
you run Discovery jobs. You can configure up to 10 global credentials for each credential type and define any five of them.
If you need to define a job-specific credential, you can define five global credentials and one job-specific credential for
each credential type.
To define credentials for a Discovery, click the menu icon ( ) and choose
. To continue, use the following procedures and discovery credential information:
Table 1. CLI Credentials
Field |
Description |
Name/Description |
Name or phrase that describes the CLI credentials.
If authentication fails for CLI, Cisco DNA Center retries the authentication process for 300 seconds (5 minutes).
|
Username |
Name that is used to log in to the CLI of the devices in your network.
|
Password |
Password that is used to log in to the CLI of the devices in your network.
For security reasons, re-enter the password as confirmation.
Note
|
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Enable Password |
Password used to move to a higher privilege level in the CLI. Configure this password only if your network devices require
it.
For security reasons, re-enter the enable password.
Note
|
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Table 2. SNMPv2c Credentials
Field |
Description |
Read
|
Note
|
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Write
|
Note
|
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Table 3. SNMPv3 Credentials
Field |
Description |
Name/Description
|
Name or description of the SNMPv3 settings that you are adding.
|
Username |
Name associated with the SNMPv3 settings.
|
Mode
|
Security level that an SNMP message requires. Choose one of the following modes:
-
Authentication and Privacy: Provides both authentication and encryption.
-
Authentication, No Privacy: Provides authentication, but does not provide encryption.
-
No Authentication, No Privacy: Does not provide authentication or encryption.
|
Auth. Type
|
Authentication type to be used. (Enabled if you select Authentication and Privacy or Authentication, No Privacy as Mode.) Choose one of the following authentication types:
|
Auth. Password
|
SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must
be at least eight characters in length.
Note
|
-
Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum
password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords
results in devices not being discovered, monitored, or managed by Cisco DNA Center.
-
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Privacy Type
|
Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Choose one of the following privacy types:
-
AES128: 128-bit CBC mode AES for encryption.
-
CISCOAES192: 192-bit CBC mode AES for encryption on Cisco devices.
-
CISCOAES256: 256-bit CBC mode AES for encryption on Cisco devices.
Note
|
-
In 2.3.5.5 and earlier, privacy types CISCOAES192 and CISCOAES256 are supported only for use with Discovery and Inventory
features; Assurance features are not supported. This limitation is resolved in 2.3.5.6.
-
Privacy type AES128 is supported for Discovery, Inventory, and Assurance.
|
|
Privacy Password
|
SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that
support encryption standards. Passwords (or passphrases) must be at least eight characters long.
Note
|
-
Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum
password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords
results in devices not being discovered, monitored, or managed by Cisco DNA Center.
-
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Table 4. SNMP Properties
Field |
Description |
Retries |
Number of times Cisco DNA Center tries to communicate with network devices using SNMP.
|
Timeout (in Seconds) |
Amount of time, in seconds, between retries. |
Table 5. HTTP(S) Credentials
Field |
Description |
Type
|
Specifies the kind of HTTPS credentials you are configuring. Valid types are Read or Write.
|
Read
|
You can configure up to 10 HTTPS read credentials:
-
Name/Description: Name or description of the HTTPS credentials that you are adding.
-
Username: Name used to authenticate the HTTPS connection.
-
Password: Password used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in the configuration.
-
Port: Number of the TCP/UDP port used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).
The password must contain between 7 and 128 characters, including at least one of the following:
-
Lowercase letter (a to z)
-
Uppercase letter (A to Z)
-
Number (0 to 9)
-
Special character: # _ * ? –
The password cannot contain spaces or angle brackets (< >). Note that some Cisco IOS XE devices do not allow a question mark
(?).
|
Write
|
You can configure up to 10 HTTPS write credentials:
-
Name/Description: Name or description of the HTTPS credentials that you are adding.
-
Username: Name used to authenticate the HTTPS connection.
-
Password: Password used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in the configuration.
-
Port: Number of the TCP/UDP port used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).
The password must contain between 7 and 128 characters, including at least one of the following:
-
Lowercase letter (a to z)
-
Uppercase letter (A to Z)
-
Number (0 to 9)
-
Special character: # _ * ? –
The password cannot contain spaces or angle brackets (< >). Note that some Cisco IOS XE devices do not allow a question mark
(?).
|
Table 6. NETCONF Setting
Field |
Description |
Port
|
Port on the device. You can use one of the following ports:
-
Port 830 (default).
-
Any other port that is available on the device.
-
A custom port that Cisco DNA Center configures. (You can use a custom port only if Device Controllability is enabled. For more information, see the Device Controllability
section in the Cisco DNA Center Administrator Guide.)
If authentication fails for NETCONF, Cisco DNA Center retries the authentication process for 300 seconds (5 minutes).
|