05-23-2008 03:44 AM
When I try to manually add a device to the DCR the message "duplicate device" appears, but when I search the DCR neither the device name or ip address appears.
This is not a recently placed device, it just uses different credentials then the default device credentials.
Does anyone have any idea? Please help!
05-23-2008 04:25 AM
Oh its not going to be fun, but you can find it. Do a "sho ip int brie" on the device you are trying to add, then use those addresses one by one in the search bar to see what pops up.
Its not an infrequent occurance, but I would suggest that you consider using a rule of thumb for the authorative identity of all of your devices.
Mine below is pretty standard, but has some variences due to product differences (such as IOS switches)
Order of precidence for device identity interface:
Lo0
Next Highest Lo
Lowest number ethernet interface
Lowest numbered interface
05-23-2008 07:43 AM
Actually, in CS Discovery, the algorithm has changed a little bit. See http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&topicID=.ee71a02&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc09faa for the new algorithm. I wasn't exactly pleased that they changed things.
05-24-2008 03:48 AM
Yes I'm aware of it and aside from Lo0 ignore it :) There are ways to side step it, but requires scripting and manual intervention.
08-26-2008 10:17 PM
I've found the problem, when Ciscoworks runs in ACS-mode ALL devices and I mean ALL devices you want to manage whether or not you use AAA on the device must be configured in the ACS server, or they won't show up in the DCR, even though the devices are discovered by Common services.
This is logical it seems for common users in Ciscoworks, but for an administrator account?? Doesn't seem logical now does it?
08-26-2008 10:35 PM
Actually, it does. Even as an administrator, you must be authorized to view devices. Think of this way. Say you're a managed service provider, and you have multiple customers logging into the same LMS server. Just because a user is an administrator doesn't mean they should have access to all devices. They should only have access to THEIR devices.
That said, there must be at least one SuperAdmin user (the System Identity User). This user needs to have access to ALL devices in ACS in addition to the LMS server. Therefore, it is best to assign this user's group the Super Admin role for all devices, and don't list out individual NDGs.
08-26-2008 11:01 PM
Thanks for your reply,
Are you saying that in the ACS server the Super Admin role must be assigned for all Ciscoworks applications, for the ACS users device group to see all devices in DCR?
Actually this was allready the case before I posted this message, but even with the Super admin role assignbed to the users in that ACS group, they still can't see all devices.
Any suggestions?
08-27-2008 08:38 AM
If the role is assigned to each LMS application in a given ACS group, then all the users in that group will have full access to all LMS tasks for all devices that are BOTH in LMS AND in ACS. Any devices managed by LMS which are not clients of the same ACS server will not be visible, even to Super Admins.
08-28-2008 11:01 PM
Allright all clear now, thanks for the answer.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide