Switch Access in SIOM Mode
© Copyright Lenovo 2018
After the embedded switch is provisioned by the CMM in the SIOM mode, the
switch will automatically update its LDAP settings (startTLS, LDAPS or LDAP)
to the ones configured on the CMM. When no external LDAP server is configured
on the CMM, CMM itself will serve as the local LDAP server. The LDAP client
configured on the CMM is pushed onto the switch and the LDAP credentials used
to access the CMM can also be used to access the switch.
To access the switch, you may now use one of the following methods:
The CMM credentials
Other user credentials which depend on the SIOM security policy setting, as
follows:
In legacy mode, if RADIUS or TACACS+ is enabled, they will replace LDAP
as the authentication method. If LDAP backdoor mode is enabled, you can
still use local authentication by using noldap as the username.
In secure mode, you may use the provisioned LDAP credentials.
Notes:
Once the switch is provisioned by the CMM in SIOM mode, it cannot be
accessed using the switch local user accounts.
The switch may perform an additional reboot automatically after changing the
SIOM state or upgrading the CMM software.
Chapter 37: Secure Input/Output Module
523