Versions Compared

Old Version 2

changes.mady.by.user Viktoryia Varapayeva

Saved on

compared with

New Version 3

changes.mady.by.user Viktoryia Varapayeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

NetMRI HTTPS Settings

In the NetMRI HTTPS Settings tab, you can perform the following:

  • Install an HTTPS certificate. For information, see Installing HTTPS Certificate.
  • Enable or disable HTTP and HTTPS protocols. For information, see Running the NetMRI GUI in HTTP Mode.

    When HTTPS is enabled, you can select one or more CipherSuites to be supported. A Cipher Suite is a combination of a transport protocol (e.g., TLS), an encryption algorithm (e.g., AES128), and an authentication algorithm (e.g., SHA). Most web browsers support a wide range of Cipher Suites. The list of default combinations provided by NetMRI are generally sufficient for most environments. High assurance environments should select only the Cipher Suites that are defined in their specific network security policy.

SSH Settings

Use the SSH Settings tab to configure the SSH protocols and ciphers used by NetMRI when connecting to network devices for configuration file collection and Configuration Command Script execution (i.e., Client mode); and the SSH protocols and ciphers supported by NetMRI when accepting connections to the Administrative Shell (i.e., Server mode). In both cases, you can selectively enable or disable the SSH v1 and SSH v2 protocols, and specify the ciphers to be supported by each protocol. For information, see Configuring Global SSH Settings.

SSH v1 does not support cipher selection in Server mode because the NetMRI SSH server automatically negotiates the cipher based on the request from the SSH v1 client.

SNMP Settings

Use the SNMP Settings tab to specify the version and community/password for accessing the NetMRI SNMP agent. By default, SNMP v1 and SNMP v2c are enabled with a default community string. High assurance environments may disable those protocols and enable SNMP v3, providing an appropriate passphrase. The NetMRI SNMP Agent is automatically configured and restarted when the settings are updated. For information, see Configuring Global SNMP Settings.

The SNMP Settings form applies only to the SNMP agent, not the SNMP protocols used by NetMRI to access network devices. When accessing network devices, NetMRI attempts SNMP v2c first, then tries SNMP v1.

CA Certificates

The CA Certificates tab provides importing and management of X.509 certificates from trusted Certificate Authorities for operations such as Active Directory and LDAP server authentication. For information, see Installing CA Certificate.

Also, see About CA Certificates for Cisco APIC for APIC-specific information.

...

  1. Go to the Settings icon –> General Settings –> Security page and click the CA Certificates tab.
  2. Click Import.
  3. In the pop-up window, enter a logical name for the new certificate.
  4. Click Browse to locate the certificate file.
  5. Click Import to import the CA certificate to NetMRI. The certificate is added to the appliance. The newly imported CA Certificate will appear in the table in the CA Certificates tab after the import is complete.

Anchor
About CA Certificates for

...

Cisco APIC
About CA Certificates for

...

Cisco APIC
About CA Certificates for Cisco APIC

NetMRI accepts CA certificates and certificate chains. Therefore, you can upload both root and intermediate (one-file certificate chain) certificates. Next, are recommendations and best practices for having valid APIC certificates authenticated via HTTPS in NetMRI.

...