10-15-2010 06:00 AM
Hello,
I try to use the "cwcli config compareanddeploy"command in CLI since i need to make first report, then add several monitoring configuration lines in thousand of equipments.
cwcli config comparewithbaselin -u *** -p ** -baseline templatesnmptrap.txt -device switch1
I got this error message in return:
SUMMARY
=======
Failed: compareanddeploy: The job could not be created since no device is available.
<cwcli> ERROR - The baseline template templatesnmptrap.txt is not valid for this device switch1
I need to find out what is the command line to make valid my baseline template for all devices:
CIscoWorks document file "Using cwcli Commands" chapter 19-1 78-16503-01 doesn't seems to contain this feature described, neither this error message:
Could someone help me finding corresponding command line to make it possible ?
Regards,
Andre
Solved! Go to Solution.
10-29-2010 08:47 AM
I cannot reproduce. The last template I posted shows my 3560 with this config:
interface Vlan127
ip address 192.168.0.133 255.255.255.0
standby 127 ip 192.168.0.134
!snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet group 1
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps bgp
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
As being non-compliant due to the missing HSRP trap definition. I wonder if the config known to RME is not the same as the config on the device. Go to RME > Config Mgmt > Archive Mgmt > Version Tree and look at the latest config on your test device. Make sure it has the prerequisite Vlan configuration, and make sure it is missing the HSRP trap definition.
10-17-2010 09:21 PM
Please post the templatesnmptrap.txt file and post the sysObjectID of switch1. Chances are the baseline was created for a different switch type than your selected device.
10-19-2010 06:11 AM
Hello,
please find file templatesnmptrap.txt enclosed:
sysObjectID of switch1 is 1.3.6.1.4.1.9.1.219
Please find also enclosed log file issued from the modified CLI command hereunder:
cwcli config compareanddeploy -u xxx -p xxx-baseline templatesnmptrap.txt -input devicelist2.txt -d 5 -l templatesnmptrap.log
devicelist2.txt contains the hereunder line:
------------------------
-device switch1
------------------------
Regards,
Andre
10-19-2010 08:58 PM
Please export the template to XML from within the Compliance Templates page. Post the resulting XML export.
10-20-2010 06:56 AM
Hello,
your request helped me realize the real problem:
In fact, there is no newbaselinetemplates *.tpl file named templatesnmptrap.txt available for exportation in XML, since templatesnmptrap.txt:is not considered as baselinetemplate.
It seems that the real error resulting from the CLI command that should have been displayed is:
no existing baseline template name templatesnmptrap.txt
So now, I need to find out what is the command line syntax to create the baseline template named templatesnmptrap.tpl and containing at least the configuration lines:
+ snmp-server host 192.168.38.2 public
+ snmp-server host 192.168.38.3 public
+ snmp-server host 192.168.38.35 public
Please note that I want to make many baseline templates containing different lines, for different devices categories, reason for command line creation mode, otherwise, alternative solution is to make global templates based on conditions like Prerequisite, Prerequisite-Commandset and SubMode lines in commandsets which might be time consuming....
Please advise if baseline templates can be created from command line.
Thanks and Regards,
Andre
10-20-2010 09:58 PM
You cannot create baseline templates from the CLI. You need to create those in the GUI.
10-22-2010 09:42 AM
Hello,
As mentionned in previous message, i will then use alternative solution:
make global templates based on conditions like Prerequisite, Prerequisite-Commandset and SubMode lines in commandsets which might be time consuming.
I have made the following template for test:
hsrp trap will be activated for sending only if standby line is present on the device
Template Name: MonitoringHSRPStep2templat
Name: Global SubMode: Yes isPrerequisite: Yes
Ordered : No Prerequisite-Commandset : none Parent: none
interface vlan 127
+ standby 127 ip 192.168.0.134
Name: SnmpserverEnableTrapsHsrp SubMode: No isPrerequisite: No
Ordered : No Prerequisite-Commandset : Global Parent: none
+ snmp-server enable traps hsrp
Compliance job result indicates 1 out of 1 Compliant for selected device:
Compliant Devices
Device Name Latest Version Created On
switch1 10 Oct 15 2010 20:35:01
althought line "snmp-server enable traps hsrp" is not present on the device
is there anything wrong making the job checking only the global configuration lines checking,
i.e. "interface vlan 127" and "standby 127 ip 192.168.0.134"
and not configuration line presence in SnmpserverEnableTrapsHsrp child ?
i.e "snmp-server enable traps hsrp"
Thanks in advance and regards,
Andre
10-22-2010 12:51 PM
Change your submode to:
interface Vlan127
Note there cannot be a space between "Vlan" and "127". That should work for you. If not, post the config from this device less any sensitive info.
10-27-2010 07:41 AM
Hello,
thanks for your return concerning space removing:
Althought this removing, compliance result is still not providing unmatching concerning line "+ snmp-server enable traps hsrp":
please find enclosed file device switch1 configuration, with confidential information removed (or changed).
10-27-2010 09:55 PM
Post the XML export of this compliance template.
10-28-2010 03:09 AM
Hello,
please find xml export enclosed.
One additionnal information:
If Global Command Sets is set to isPrerequisite:Yes,
and SnmpserverEnableTrapsHsrp is set with Prerequisite-Commandset : Global
result of Compliance Job is 1 out of 1 Compliant for switch1,
which is incorrect since snmp-server enable traps hsrp is not present in switch1 configuration
If Global Command Sets is set to isPrerequisite:No,
and SnmpserverEnableTrapsHsrp is set with Prerequisite-Commandset : none
result of Compliance Job is 0 out of 1 Compliant for switch1
Command(s) to Deploy is correctly mentionned:
+snmp-server enable traps hsrp |
Command sets contained in the template:
Name: Global SubMode: Yes isPrerequisite: Yes
Ordered : No Prerequisite-Commandset : none Parent: none
interface vlan127
+ standby 127 ip 192.168.0.134
Name: SnmpserverEnableTrapsHsrp SubMode: No isPrerequisite: No
Ordered : No Prerequisite-Commandset : Global Parent: none
+ snmp-server enable traps hsrp
The goal is to have this configuration line deployed only if hsrp is present checking that configuration line containing standby is present.
regards
10-28-2010 11:19 PM
10-29-2010 03:07 AM
Hello Joseph,
Thanks for your return.
I have imported the template MonitoringHSRPStep2template2.xml:
containing following lines:
Name: Global SubMode: Yes isPrerequisite: Yes
Ordered : No Prerequisite-Commandset : none Parent: none
interface Vlan127
+ standby 127 ip 192.168.0.134
Name: SnmpserverEnableTrapsHsrp SubMode: No isPrerequisite: No
Ordered : No Prerequisite-Commandset : Global Parent: none
+ snmp-server enable traps hsrp
result is the same: i.e. 1 out of 1 Compliant
It seems than case sensitvity was not the source of line +snmp-server enable traps hsrp unchecking,
since "interface Vlan127" or "interface vlan127" provides same result:
1 out of 1 Compliant.
It sounds that compliance templates management process (dcma BaseLineSearchHandler or cwconfig ?)
reacts the same way as IOS about case sensitivity and additional spaces,
i.e. it is reinterpreting characters to his convenience to make it match configuration sens.
regards,
Andre
10-29-2010 08:47 AM
I cannot reproduce. The last template I posted shows my 3560 with this config:
interface Vlan127
ip address 192.168.0.133 255.255.255.0
standby 127 ip 192.168.0.134
!snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet group 1
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps bgp
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
As being non-compliant due to the missing HSRP trap definition. I wonder if the config known to RME is not the same as the config on the device. Go to RME > Config Mgmt > Archive Mgmt > Version Tree and look at the latest config on your test device. Make sure it has the prerequisite Vlan configuration, and make sure it is missing the HSRP trap definition.
11-02-2010 10:25 AM
Hi Joseph,
We had to restart LMS server today:
since this restart, compliance job provides good result for condition +snmp-server enable traps hsrp missing
Now, uppercase or lowercase gives different result:
"interface Vlan127" provides result 0 out of 1 Compliant -> +snmp-server enable traps hsrp missing
"interface vlan127" provides result 1 out of 1 Compliant -> since this interface Vlan line does not exist
Thanks for your help,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide