cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1916
Views
0
Helpful
38
Replies
Beginner

Re: *** Conflicting device support info for DFM 3.2 ***

Hi Joseph -

Thanks for spending time trying to solve our issues.  Even though we didn't find out what exactly was wrong and how to solve the problem by fixing it, TAC seems to agree with you - their course of action at this time is to completely rebuild our LMS server.

Best regards,

Matthias

Explorer

Re: *** Conflicting device support info for DFM 3.2 ***

Hi,

I seems face the same problem with you, Can you please mention me how you resolve this problem?

Best Regards,

Jackson Ku

Highlighted
Beginner

Re: *** Conflicting device support info for DFM 3.2 ***

There appears to be a documentation problem for LMS 3.2 - it all came down to undocumented ports not being open in the Windows firewall.

The DFM engine seems to be performing its own connectivity testing during the discovery process.  It is expecting simple ICMP return packets, and while the LMS installation routine added dozens of ports to the Windows firewall configuration it did not add ports required for this type of traffic.  If you completely disable the Windows firewall (not an option for us) then the discovery works fine.

Took Cisco TAC two months to figure this out.

Hall of Fame Cisco Employee

Re: *** Conflicting device support info for DFM 3.2 ***

Thanks for following up back to the community.  I was helping your engineer identify the root cause here.  Yes, ICMP was not being allowed back into the server.  DFM requires ICMP connectivity between itself and the management IP of each device before it will manage the device.

Explorer

Re: *** Conflicting device support info for DFM 3.2 ***

Hi,

I tried to disable windows firewall, it works... Before disable firewall, I add firewall inbound / outbound rule to allow snmp & snmp trap ( udp port 161, 162 ), but it did not work. Can you please tell me how to add inbound / outbound rule to allow the DFM work?

Best Regards,

Jackson Ku

Hall of Fame Cisco Employee

Re: *** Conflicting device support info for DFM 3.2 ***

You need to allow IPv4 ICMP (i.e. ping traffic) on the inbound path.  That is, enable inbound ICMP echo replies.

Explorer

Re: *** Conflicting device support info for DFM 3.2 ***

Hi,

The ping between ciscoworks server and network device is ok, the windows firewall outbound rule is allow all, and I have allow udp port 161 & 162 in inbound rule. but I still fail to import. I installed WireShark at Ciscoworks server, I can see several icmp request / reply packets, but I can not see the following snmp query packets send from ciscoworks server. ( if disable windows firewall, I can see snmp query packets send from ciscoworks server, and import is success )

Best Regards,

Jackson Ku

Hall of Fame Cisco Employee

Re: *** Conflicting device support info for DFM 3.2 ***

You must add an explicit rule allowing in ICMP.  Windows ping will work, but DFM will not until you add this rule.

Explorer

Re: *** Conflicting device support info for DFM 3.2 ***

Hi Joseph,

Thanks for your help. The DFM work fine.

Best Regards,

Jackson Ku

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards