Advanced Login Options
Multi-Factor Authentication (MFA) and One-Time Passwords authenticate all CVP managed devices when you authenticate with CVP. CVP runs CLIs on managed devices by sending eAPI requests over the gRPC connection established by TerminAttr.
- Under Cluster Management on the settings screen, enable Advanced login options for device provisioning to use MFA and one-time passwords.
- CVP needs TACACS to perform command authorization and accounting as per EOS configuration.
- Use the new Device class to make eAPI requests for using this mechanism in Configlet Builder python scripts.
- Devices must run CVP 2018.2.3 or later releases
- Managed devices must have TerminAttr version 1.5.0 or later
versionsNote: TerminAttr is included with EOS, but may be a version earlier than v1.5.0. Newer versions are available as an extension (swix)
Refer to CVP and TerminAttr release notes available at https://www.arista.com/en/support/software-download for detailed information on compatible TerminAttr versions with CVP and EOS.
- Ensure that the eAPI unix domain socket is enabled with management api http-commands and protocol unix-socket configurations in devices running EOS releases prior to 4.20
To enable MFA and One-Time Passwords authentication, enable Advanced login options for device provisioning using the toggle button under Cluster Management on the Settings page. See the figure below.