cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1781
Views
0
Helpful
2
Replies

Cisco Prime Infrastructure FTP Backup failure after update to 3.9

divanko
Level 1
Level 1

I thought I might save someone a bit of grief by explaining an issue I had.  Recently we updated Cisco Prime Infrastructure from 3.8 to 3.9, prior to that FTP backups worked flawlessly.  I noticed that 3.9 complained about backups not performing, and I thought that was odd as nothing had changed except the update to 3.9.

 

The FTP repository I had setup in 3.8 was using a hostname, when the upgrade occurred to 3.9 there is a default setting enabled to activate dnssec.  This is documented here: https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-9/release/notes/bk_Cisco_Prime_Infrastructure_3_9_0_Release_Notes.html

 

The solution was to SSH into the Prime Infrastructure Server and issue a "no ip dnssec" command at the CLI.  Afterwards the backups worked as intended.

 

admin# conf t

admin(config)# no ip dnssec

admin# copy run start
Generating configuration...

 

Thanks!

 

Dallas

2 Replies 2

divanko
Level 1
Level 1

DNS Enhancements

  • Prime Infrastructure 3.9 has brought security to DNS traffic by implementing DNS Security Extensions (DNSSEC). This is enabled by default and can be controlled through new Admin CLI option - 'ip dnssec'.

 

 

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-9/release/notes/bk_Cisco_Prime_Infrastructure_3_9_0_Release_Notes.html

sdnscottie
Level 1
Level 1

Follow-up to DNSSEC option. We were upgrading our Prime Infrastructure from 3.7 to 3.9 and afterwards could not SYNC our WLC's. On the PI, we dropped into the shell and could not ping or nslookup e.g. our WLC. Solution found while comparing the running-cfgs of 3.7 to 3.9 and realised that "ip dnssec" was defaulted in the config. removing with "no ip dnssec" FIXED the PROBLEM and SYNc on WLC's was then SUCCESSFUL. Maybe this helps you guys as well. Now, I can report back to our open TAC-CASE, that we found the problem.
HTH, Scottie

Review Cisco Networking for a $25 gift card