This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Q: VSP 7400 and XMC integration, and password management / expiration

Q: VSP 7400 and XMC integration, and password management / expiration

malachykidd
New Contributor

‎09-01-2021 12:35 AM

Hello, all.

 

We’re relatively new to Extreme Networks and XMC, and very new to VSP.  We’ve just installed a set of VSP 7400 switches, and now we’re looking to integrated the new switches with our XMC deployment.

 

First, do any of you have a handy integration guide for VSP and XMC?  I’m sure I can muddle through getting them to talk, but I would probably miss important caveats, optimizations, etc.

 

Second, I see that VSP switches have a mandatory password change policy, regardless what security mode they are installed in.  For those of you who integrate with XMC-- and those who have large numbers of VSP switches-- how do you deal with password management?  Is the SNMPv3 user account subject to password expiration?

 

I’m not looking forward to changing passwords on multiple switches at least once each year, especially when we have no reason to believe there’s been a compromise (and what about emergency accounts, the passwords for which should be written on a piece of paper, sealed in an envelope, and locked in a safe until needed?).  To be honest, vendor-mandated security policies rub me the wrong way.

 

Thank you for your assistance!

 

-- Mal

0 Kudos
3 REPLIES 3

Dilraj_Singh_Kh
Extreme Employee

‎09-04-2021 12:36 AM

Hi @malachykidd ,

See the below snippet from the VOSS User guide:

ebe2aaccb3f24b79838095190f6e584a_0f6a142e-2b4c-441a-8d68-6197a74b95c5.png

 

The command to set the aging time is “password access-level rwa aging-time <1-365>

This is for the local device management password.

For SNMPv3, user there is no expiration, unless you have any evidence to prove it otherwise.

There exist 3 security modes in VSP. Based on what we set/use, the password policy changes based on that. Refer section “Security Modes” of this doc for details.

Hope this helps.

0 Kudos

malachykidd
New Contributor

‎09-01-2021 03:29 PM

 

I’m referring to both.

 

Thank you for your assistance.

 

-- Mal

0 Kudos

Dilraj_Singh_Kh
Extreme Employee

‎09-01-2021 01:02 AM

HI @malachykidd 

There is absolutely no difference between how XMC interacts with a VSP device and an EXOS device. There could be difference between the features that XMC support for VSP devices (considering they are relatively new as compared to EXOS) but no difference if we talk about just pure interaction.

To see the features that XMC support for a VSP device refer the below matrix link:

https://emc.extremenetworks.com/content/common/releasenotes/extended_firmware_support.htm

There is one extra module inside XMC that you must be aware of i.e. Fabric Manager. This module got added inside XMC as part of Avaya’s Data portfolio acquisition back in 2018 which includes VSP and ERS devices that support SPBM (Fabric). To get more details on Fabric Manager, refer below:

https://emc.extremenetworks.com/content/oneview/docs/network/fabric/c_fabric_overview.htm

Regarding Passwords, you talking about SNMPv3 users Auth/Priv passwords or the device login password?

0 Kudos
GTM-P2G8KFN