03-26-2018 08:13 AM - edited 03-01-2019 06:29 PM
Hi All
After looking at the TACACS authentication logs in our ACS I notice that Prime is continuously trying to log into one of our switches. We have around 1000 network devices on our LAN and this is the only switch that seems to be having this issue.
I know the account is our Prime AAA account and that it is coming from our Prime server.
Is there any way of figuring out where on Prime this is coming from (user defined or system job or poller)?
It's like trying to find a needle in a haystack!
Any help would be much appreciated. Thanks
Richard
Cisco Prime 3.3 is our current version but problem was still present on previous versions
03-28-2018 03:33 AM
03-28-2018 03:34 AM
03-28-2018 04:06 AM
I think it was in the accounting reports where the commands given in the session were authorized.
Unfortunately we no longer use ACS so I can't check how it was done.
03-28-2018 04:31 AM
- Ok, below is a checklist for items to execute and or verify ; with subsequent results and or info expected :
1) When re-entering the device in Prime as discussed earlier , you did do verify credentials with positive result - right ?
2) During those logon attempts from Prime is there any particular info regarding authentication attempts when you issue show logging (on the switch).
3) Which protocol is used for accessing the switch (besides snmp); telnet or SSH ? For either way try flipping the used-method and check whether the problem persists. Again do this by removing and re-entering the device from prime. WITH verify credentials being used first (positive result expected)
4) Last but not least : if the problem still persists ; try configuring a local account on the switch (not Tacacs based). And check whether this helps. Again you do this by removing the device from prime first and re-entering it, also issue verifying credentials first(!). You also try this by using both protocols (telnet and or SSH).
5) Make sure you are not using ACLs on the switch preventing telnet or SSH access from Prime.
If things are still not working and you feel inclined to reply ; an answer on all check-requests is expected.
As my ole night-owl always used to say (between 2-oeHoes) - God bless his soul; I can sometimes be a real burden...:-) (!)
M.
03-28-2018 09:25 AM
I read all the previous replies and I want to get a baseline on exactly what your issue is. I think you have stated it, so forgive me if I am going back to basics.
1. You are concerned with CPI logging into your switch every 10 minutes?
2. We have already validated that you have no system or user jobs running every 10 minutes.
3. The device(s) in question are fully managed by CPI?
03-29-2018 04:23 AM
Hi Winston
1. You are concerned with CPI logging into your switch every 10 minutes?
This is correct although the frequency is more like every couple of minutes.
2. We have already validated that you have no system or user jobs running every 10 minutes.
This is not the case - I believe there may be a job somewhere within PI kicking these logins off but I just can't seem to find it or where it would be located.
3. The device(s) in question are fully managed by CPI?
Yes the device is fully managed.
Thanks
Richard
03-29-2018 04:19 AM
1) When re-entering the device in Prime as discussed earlier , you did do verify credentials with positive result - right ?
No, I get the below message but I get this for all switches in our network as we have HTTP access disabled for all network devices.
"Check whether the HTTP/HTTPS credentials are Valid."
2) During those logon attempts from Prime is there any particular info regarding authentication attempts when you issue show logging (on the switch).
Nothing in the switch logs
3) Which protocol is used for accessing the switch (besides snmp); telnet or SSH ? For either way try flipping the used-method and check whether the problem persists. Again do this by removing and re-entering the device from prime. WITH verify credentials being used first (positive result expected)
SNMP and telnet
4) Last but not least : if the problem still persists ; try configuring a local account on the switch (not Tacacs based). And check whether this helps. Again you do this by removing the device from prime first and re-entering it, also issue verifying credentials first(!). You also try this by using both protocols (telnet and or SSH).
5) Make sure you are not using ACLs on the switch preventing telnet or SSH access from Prime.
No ACLs on switch; access to switch is fine
03-29-2018 04:24 AM
- Actions on 3) and 4) are still pending , tx.
M.
03-29-2018 05:31 AM
Hi Marce
Just completed both actions 3 and 4 - problem still persists.
Thanks
Richard