04-19-2007 11:26 AM
In CiscoWorks Out-of-Sync reports all our APs are showing as out of sync because the Crypto-Crypto CA-Crypto CA certificate chain TP-self-signed-# key is not saved to startup config. We have been able to exclude the "Crypto-Crypto CA-Crypto CA certificate chain TP-self-signed-#" but not the accual key. Is there any way to exclude the key.
Thanks
04-19-2007 12:14 PM
This should be taken care of automatically assuming your device supports the command "show running-config brief". If it does, there is one more gotcha to be aware of. If you use TFTP to fetch your configs, there is no way of getting a brief running config using this method. Therefore, the running and startup configs will always be out-of-sync in terms of crypto.
The solution is to make either SSH or TELNET the first protocol in the config fetch protocol order under RME > Admin > Config Mgmt > Transport Settings.
However, if your device not support "show running-config brief" then you will need to upgrade the code, or just ignore the out-of-sync information for the crypto key.
01-03-2008 06:06 AM
I have some 3750 switches with the same issue. They support "show running-config brief" command and the protocol order has Telnet & SSH before TFTP. I can also confirm that the config is being fetched using Telnet.
Any ideas?
LMS 2.5 & RME 4.0.4
01-03-2008 09:52 AM
You will need to get a sniffer trace or the dcmaservice.log after enabling ArchiveMgmt Service debugging to confirm if "show running-config brief" is actually being executed successfully on the devices.
01-04-2008 05:30 AM
thanks for your response, I'll get that sorted. What is the course of action if the "show running-config brief" is not being executed?
01-04-2008 06:08 AM
The code shows that it really should be executed. My guess is that either telnet is failing for some reason, or "show running-config brief" is broken for this device for this version of code.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide