Adding Cisco AsyncOS Systems

Overview

To manage Cisco AsyncOS system accounts, you need to specify a valid local administrative account and password. See "Specifying a local administrative account" for more information. The account used must be an account in the Cisco AsyncOS Administrator role.

To create a Cisco AsyncOS account in the Administrator role using the CLI or GUI, see the following:

• https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/cli_reference_guide/b_CLI_Reference_Guide.html
• https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/esa_user_guide/b_ESA_Admin_Guide_ces_11_0/b_ESA_Admin_Guide_chapter_0100000.html

Since user accounts in the the Cisco AsyncOS Help Desk User role and the Custom user role are restricted from connecting to Cisco AsyncOS systems through SSH, those users, if added to Privileged Access Service, cannot use the Privileged Access Service login functions to connect to a Cisco AsyncOS system.

For any account you add, you can choose whether or not you want the Privileged Access Service to manage the account password. If you select Manage this credential, the Privileged Access Service automatically resets the password immediately after the account and system are added and each time the account is checked in.

You should also keep in mind that only the Privileged Access Service will know the managed password being generated and stored. You should not select this option if you don’t want the Privileged Access Service to manage the password for the account.

For more information about password and system management for Cisco AsyncOS systems, see the following topics:

• Adding Cisco AsyncOS Systems

  • Overview
  • Password Complexity Rules
  • Changing Cisco AsyncOS System Settings

Password Complexity Rules

All managed passwords generated by the Privileged Access Service consist of at least one upper case letter, one lower case letter, one number, one special character, and allow consecutive repeated characters regardless of the system type. In the **Admin Portal > Settings > Resources > Password Profiles, the default password profile for Cisco AsyncOS systems restricts password length to a maximum of 32 characters. The following additional password rules apply:

• Minimum password length: 12 characters.
• Maximum password length: 32 characters.
• Supported special characters: ~ ? ! @ # $ % ^ & * - _ + = \ | / [] () <> {} ; : , .

You should keep in mind that only Privileged Access Service will know the managed password being generated and stored. You should not select this option if you don’t want Privileged Access Service to manage the password for the account.

For information on changing system settings, see:

Changing Cisco AsyncOS System Settings

Changing Cisco AsyncOS System Settings

You can use the System Settings to update the following types of information after adding a system:

• Session type or port number for remote connections

RDP is not supported for Cisco AsyncOS, therefore you should not change the session type. If you don’t specify a session type and port, the secure shell client and port 22 are used by default.

• Select a system time zone

You can manually select the time zone you want to use for any system. If you don’t specify a time zone, the local time zone of the system is used by default.