03-26-2018 08:13 AM - edited 03-01-2019 06:29 PM
Hi All
After looking at the tacacs authentication logs in our ACS I notice that Prime is continuously trying to log into one of our switch. We have around 1000 network devices on our LAN and this is the only switch that seems to be having this issue.
I know the account is our Prime AAA account and that it is coming from our Prime server.
Is there anyway of figuring out were on Prime this is coming from (user defined or system job or poller)?
Its like trying to find a needle in a hay stack!
Any help would be much appreciated Thanks
Richard
Cisco Prime 3.3 is our current version but problem was still present on previous versions
03-26-2018 08:33 AM
- Is the device configured correctly for Prime's logon (credentials); if needed remove the device from Prime re-enter it, but issue verify credentials first, before the final add.
M.
03-26-2018 08:44 AM
When deleting it it did ask whether I wanted to delete aps associated with device so hopefully that will do the trick. I will know by tomorrow and let you know.
Thanks
Richard
03-26-2018 11:18 AM - edited 03-26-2018 11:22 AM
How continuously is this? Like every 10 minutes perhaps?
If the device is sending SYSLOG messages that 'could' indicate a config change, then PI is waiting 10 minutes and then tries to download the configs files.
If the device continues to send SYSLOG messages, PI will try again in 10 minutes.
This should be visible in the show log of the device.
There is no system job on PI that runs every 10 minutes that would do this.
I do wonder what apps you are talking about.
03-27-2018 04:22 AM
Hi All
The issue is still happening in fact going by the logs I can see that PI is trying to login
Below is an outline of the frequency at the minute and this will happen several times a day.
12:05,12:03,12:01,11:59,11:57,11:55,11:52,11:52,11:52,11:49,11:47,11:45,11:43,11:43,11:43
No syslog configured on the console. I do see an access point on the switch that is continuously going up and down in the logs.
Perhaps this is the reason and keeps kicking off a PI job?
Thanks
Richard
03-27-2018 05:44 AM
>The issue is still happening in fact going by the logs I can see that PI is trying to login
- What exactly are the logs saying ?
>Access point going up and down.
- Can you remove the access point from the switch; is the prime-issue then resolved ?
M.
03-27-2018 07:20 AM
Hi Marce
So on further inspection I realised the AP was juniper so shouldn't be communicating with PI. Anyway I have shut the AP down and am still seeing PI trying to log into that switch every 2 minutes.
Thanks
Richard
03-27-2018 07:27 AM
Ok. also check the switch model and the current software version installed ; compare this with Prime compatibility info (see link below); your OS version , for instance (on the switch) ; might be too low and may need upgrading to get compatible with prime 3.3 (e.g.)
M.
03-27-2018 07:44 AM
Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
WS-C3850-48P 03.06.04.E cat3k_caa-universalk9 INSTALL
Seems to be supported
03-27-2018 08:26 AM
- Could you try to stop and re-start Prime using : ncs stop ; followed by ncs start ?
M.
03-27-2018 09:04 AM
Yes tried that - no joy unfortunately
03-27-2018 10:50 PM
>... Prime is continuously trying to log into one of our switch
I want to re-iterate on this; where is this seen , and what is the content or the exact value of the message you are seeing ?
M.
03-28-2018 01:28 AM
I assume you may have an ACS that tells you about PI making the connection to the switch?
I think it can also tell you what commands PI gives on the switch.
This may give us clue where the job is coming from.
03-28-2018 01:36 AM
03-28-2018 03:25 AM
Can you click on the details icon?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide