Setup System Configuration Parameters in AmpCon


System Configuration setup

Before using AmpCon for deploying PICOS switches,  System Configuration parameters need to be set. Login to the AmpCon GUI. Select the Settings->System Configuration menu and fill in the values for the following parameters:

  1. Enter the following default user name and password: admin/pica8. If you use TACACS, enter the user’s TACACS user name and password. User name and password need to be same for all PICOS switches managed by AmpCon. Please refer to step 6 below for TACACS example configuration and details.
  2. License portal URL: https://license.pica8.com.
  3. License portal user: Enter user id for the Pica8 License Portal.
  4. License portal password: Enter the password for the License Portal.

           Note: Please refer to Appendix G for details on AmpCon Licensing.

      5. Config Backup Number: This field is optional. Specify the maximum backup number for the config snapshots.

      6. Initial security config file path: Before configuring and using the switch, switch will be configured with an initial security configuration to eliminate any unauthorized access. Create a text file and add PICOS security-related set CLIs (for example TACACS commands).

Example TACACS+ configuration for AmpCon:

First configure TACACS+

set system aaa tacacs-plus key xxxx

set system aaa tacacs-plus disable false

set system aaa tacacs-plus server-ip 10.10.51.42

Next, configure the TACACS+ user credentials as follows:

set system login user test authentication plain-text-password xxxxxx                           

set system login user test class super-user

Note that the user name and password for the above TACACS example configuration are test/ xxxxxx. Use these TACACS credentials in step1.

Another option is to upload an empty text file for initial security config. If you upload an empty initial security config file, use admin/pica8 as the password in step1.
Then click + in the Initial security config file path field.

The security configuration contained in the Initial security config file will be in effect in the switch only until the full configuration is pushed by AmpCon.           

      7. Initial parking security config file path: To eliminate any unauthorized access, switches in “parking lot” will be configured with an initial parking security configuration. That is, configurations in “Initial parking security config file” will be pushed to switches that already registered to AmpCon but without generated configuration.

Click + in the Initial parking security config file path field to add the security config file for switches in “parking lot”.

Notes:

As the username and password configured in step 1 are always used by AmpCon to SSH to switches, so, users should ensure that configurations in security config file and parking security config file will not make AmpCon fail to log in to the switch with the username and password configured in step 1.

                                                                                                                                                                   

Next, verify connection to the License server by clicking the link shown below. It will pop-up a window with the Success message shown below.

Click Save to save the System Configuration parameters.

Mutli-site system configuration support

Note

Multi-site system configuration supports from AmpCon v1.13.1.

Multi-site system configuration allows user to manage switches using different SSH login credentails and license portal accounts from different sites in one AmpCon server. 

Create new site system configuration

Enter page "Settings" → "System Configuration", click "+" button on the top right of the form.

Give the new created site configuration a "Conifguration Name" and filled other field according to user requirement.

  • "Device default login user" + "Device default password" will be used to access the switches.
  • "License portal URL" + "License portal user" + "License portal password" will be used to send request to license portal.
  • "Security config file" will be loaded to switch at the beginning of ZTP process.

Warning

If special "Device default login user" + "Device default password" are specified in site configuration, then it will not work with global parking security config file.

Since when switches register to AmpCon as unkown switches, it will automatically load parking security configuration file which may refuse SSH login with the configured  "Device default login user" + "Device default password" in site configuration.

In this case, user should update global parking security with empty file content.

Click "Add" button to save the site configuration.

Associate site system configuration with existing switches

1.   Associate from site configuration

Enter page "Settings" → "System Configuration", select existing site configuraiton in dropdowns.

Click "Manage Switch" button on right bottom side and select switches which user want to associate with the selected site configuration.

Click "Save" to confirm the association rules.

 

 


2.   Associate from switch view

Enter page "Deployment" → "Switch List", find the target switch and click "Configuration" button. 

Select the target site system configuration and click "Save" to confirm the change.

Associate site system configuration with new created switch

While generating configuration in "Deployment" → "Switch Configuration", click "System config" button to have pop-up modal to select system configuration.

 

Associate site system configuration with new import switch

While importing switch in "Lifecycle" → "Import Switch", click "Import" button and select "System Config" in pop-up modal dropdowns.





Copyright © 2024 Pica8 Inc. All Rights Reserved.