Hi Shiva,

LMS does not have the capability to fetch pre-shared keys from ASA devices. LMS uses the show running-config command to fetch the device configuration. Because the show running-config command encrypts the pre-shared key, you cannot view or deploy the pre-shared key with LMS. For example:

#show running-config
...

pre-shared-key *
...

As a workaround, you can configure a netconfig job (Configuration> Tools> NetConfig> Create> Ad hoc) that runs the 'more system:running-config' command on the ASA cli. For example:

#more system:running-config
...
pre-shared-key cisco
...

You can view the cli output from the Netconfig job browser. To deploy the pre-shared key, you can cut and paste the results of the Netconfig job onto the ASA cli or in another Netconfig job.

The following enhancement request has been opened against this:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCto14724

Geert

Hi,

We are taking configuration back of ASA firewalls using Cisco works LMS

Everything works fine. Here is what we are trying to achieve

We would like to have the PRE-SHARED KEY (PSK) from the ASA configuration to be decrypted while Cisco works is taking automated backup.

For example: as of today when Cisco works takes any configuration backup, the PSK is encrypted.

Is it possible to add this command ( “more system:running-config”) in below cwcli command

***************************

cwcli config get -u userid -p password [-d debuglevel] [-m email] [-l logfile][-timeout seconds] [-filetype running|startup|runningstartup] { -device list | -view name | -device list -view name |-ipaddress list }

***************************

cwcli netshow createjob -u Username -p Password -customcmd " more system:running-config " -schedule Schedule -scheduletype Schedule Type

***************************

Cisco works LMS

Cisco ASA 5505, 5510 Version 8.2, ASDM version 6.2

Thanks

Mudassir

The cwcli config and cwcli netshow commands do not support the “more system:running-config” command. This should get resolved when the CSCto14724 defect that I mentioned earlier gets fixed. Unfortunately, there is currently no release date for the fix.

Geert

HI

  Thanks for your reply, I have version 3.0 cd not version 4.0.however i do have   lms-4-0-Win-eval-exe files which allow me to install only evalution copy. so i am bit confused now,

do i need to install version 3.0 and then update version 3 lincense and then update version 4.0 license. then how do i get all the features on LMS 4.0.

do i need to download any patch to install and upgrade from verison 3 to version 4.0

Your earliest response would be appreciated.

Regards

Selva

You need to install the LMS 4.0 evaluation version only. Once you have evaluation version you just need to apply the licenses (first major license for LMS 3.0 then upgrade license) to have a full licensed version of LMS 4.0.

Thanks svetlana

  I will try this and update you the status. Also i will ask if i have any other queries on this installation.

SS

Hi

  I have installed evalution 4 and updated 3.0 license and then updated upgrade license to 4.0. All looks good now, thanks for your help.

I am having problem on high cpu issues,. server is very slow performance now.

the process cwjava.exe trying to use 98 percent of cpu.

my server config is :

intel(r)Xenon(r) CPU E5345 @ 2.33GHz

7GB of RAM.

Please advise what need to be done to reduce the cpu load. it also varying from 75 to 98 % of cpu load only for cwjava.exe application.

Regards

SS

Your server is not satisfied with the minimum requirements. Please check http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/install/guide/prereq.html#wp1128403, for 1.5 K devices we should have:
    2 CPUs with dual core or 4 CPUs with single core, 8 GB RAM and 16 GB swap space, 64 bit OS

Hi Can you please help me to import hostname from dns server, i have added all my network devices in dns server, i am not sure how to add hostnames in device add menu, i want to all device names from dns server, please advise me how to achieve this.,

Regards

ss

In Order to configure Topology to display DFM alerts you need perform several steps:

1. Launch any Network Topology View.

2. Right click on the Topology map and choose DFM Alert Settings or Click View  -> DFM Alert Settings from the Topology Services menu.

The following settings are displayed:

•Critical

•Warning

•Informational

These settings are checked by default.

3. Uncheck the required setting, for which you do not want to display the information. For example if you want to display only Critical alerts, leave the Critical option checked and uncheck the other two options. The DFM Alert settings is client specific. Therefore, the settings are applied only for your Topology maps and N-Hop View portlet. Other users connected to the same Campus Manager server can choose their own settings.

4. Click Apply to save the settings. The settings are saved to the server.

5. Close all Topology Windows and relaunch Topology Services for the change to take effect.

Hi Svetlana,

I already did these steps. If for example, I disconnected a link between 2 switches, alert/event was detected by DFM saying that it is operationally down, this is a critical alert. How many minutes before the Topology displays the DFM alert (a critical icon and link would turn red)? On which setting does the topology rely for it to display the alerts immediately?

Hi,

Campus manager could not display the alert immediately. In order to display the alert, Campus Manager should poll DFM. You could configure the polling interval to any value between six minutes and fifty nine minutes, fifty nine seconds under: Campus Manager -> Administration -> Topology -> DFM Poller Settings.

Svetlana