
LMS 2.5 - SSH, Telnet, and Credentials

mlinsemier
Level 1

I am hoping someone can give me some guidance regarding some problems that I am having. I have recently installed a fresh copy of LMS 2.5 and installed all the necessary patches and downloaded all of the RME/CM device packages available.

Currently in our environment we have a mix of telnet and SSH management (we are moving strictly to SSH at this time). In RME, I notice that there doesn't seem to be a way to disable telnet access to a device. I would expect there to be a checkbox or something that would state that you only want to connect to a device via SSH. Additionally, for a few devices where we don't have TACACS enabled, I don't see a place to enter a user password for console access. Our VG200s and CMMs currently don't have TACACS, so I was looking for a place to enter both of these passwords.

Along the same lines for the devices that don't seem to be ever validated under the Credential Verification report, I receive the following under the Configuration Archive settings:

CM0056 Config fetch failed for router1.corp.domain.com Cause: CM0204 Could not create DeviceContext for 156 Cause: CM0206 Could not get the config transport implementation for 10.X.X.X Cause: UNKNOWN Action: Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device package is installed.

I can telnet and TACACS+ authenticate from the LMS 2.5 server and it works without problems to this device, which is an MSFC3 on a Sup720. It seems like the devices are not supported, yet are discovered under CM.

Thoughts?

3 Replies

nhabib
Level 9

In the credentials section for the device that has no TACACS configured, simply put the password.

Leave the username blank.

Do an snmpwalk of sysObjectID and check the RME 4.0 supportlist. Device support is not the same in all applications. So, if a device is supported in CM 4.0, it doesn't mean that it is supported in RME 4.0 (and vice versa).

jdilley
Level 1

As far as the mix of telnet and SSH management devices left on your network, you are forced to enable both under the "Admin" -> "Config Management" section. You can configure the config transport settings to try SSH first and then fall back to telnet. This will ensure that CW will try to SSH to the device first, and then if unsuccessful will try telnet.

Keyan
Level 1

For some reason Cisco decided to create a single login credential field instead of the multiple fields that were there before. For TACACS devices, put in your TACACS username and password. For devices that use other forms of authentication, put in the proper credentials. You do not need a username if you are using a straight VTY-style password authentication.

The SUP 720s are not fully supported by RME (last time I checked). You'll notice on the inventory reports that it is unable to collect inventory from them as well.

As far as Telnet vs SSH, CiscoWorks will basically attempt both. If it cannot get a session established using one, it will try the other.
