
LMS4.2.2: Cannot do archive mgmt on Nexus 5K

Bart Mars
Level 1

Hi,

I’m currently at a loss here:

In our organisation we have multiple Nexus 5000 switches, which Cisco LMS 4.2.2 cannot get the running-config and startup-config from with the Archive Management process. When it does try to get them, I get an error as follows:

*** Device Details for SF-DERA-01 ***

Protocol ==> Unknown / Not Applicable

Selected Protocols with order ==> TFTP,SSH,SCP

Execution Result:

RUNNING

CM0151 PRIMARY RUNNING Config fetch failed for SF-DERA-01 Cause: Failed to fetch config using TFTP Failed to establish SSH connection to 172.20.253.21 - Cause: Authentication failed on device 3 times.

Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required. Verify if firewall configuration permits traffic from LMS to the device and vice versa for the protocols configured in Admin > Collection Settings > Config > Config Transport Settings.

However, I have no problems when I try to login from our LMS server (GRNAP401) to the N5K switch. Our LMS server is the Appliance version. We have a user (lmsuser) for the LMS server that is configured on numerous switches, like Catalyst and other Nexus family switches. We only have this problem with the N5K switches.

[GRNAP401/root-ade ~]# ssh -l lmsuser 172.20.254.21

Password:

Last login: Fri Nov 23 12:40:50 2012 from grnap401.nms

Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license. Certain components of this software are licensed under

the GNU General Public License (GPL) version 2.0 or the GNU

Lesser General Public License (LGPL) Version 2.1. A copy of each

such license is available at

http://www.opensource.org/licenses/gpl-2.0.php and

http://www.opensource.org/licenses/lgpl-2.1.php

SF-DERB-01#

LMS has found this switch via the Discovery method, and has identified that it is a N5K-C5010P. I have the following device package:

13. | 1.3.6.1.4.1.9.12.3.1.3.798 | Cisco Nexus 5010 Switch | Nexus | 7.0

As far as I can tell, this is OK as a version.

I have more switches in the 172.20.254.0/24 subnet including other Nexus switches, so I can say that TFTP and SSH are working.

Can somebody help me with this?

Thanks in advance!

19 Replies

Have you verified that the credentials used are correct?

Monitor> Troubleshooting Tools> Troubleshooting Workflows

Tasks "check device credential"

By

Hi Ferraro,

I did as you asked, but with no success.

| Device Name | Read Community | Read Write Community | SNMPv3 | Telnet | Enable by Telnet | SSH | Enable by SSH |
|---|---|---|---|---|---|---|---|
| SF-DERA-01 | Ok | Ok | No Value To Test | Protocol not configured. | Did Not Try | Incorrect | Did Not Try |

We do not use Telnet on our devices. However, we do use SSH and I checked that the LMS server can log in to the SF-DERA-01 switch for its CLI.

I use the same user for all our network devices. I use only one Device Credential Set.

As a last resort, I used a username line of a working Cisco Nexus network device and pasted it in the SF-DERA-01, but with no success.

Could this be some sort of bug or am I missing something here?

From your screenshot, "SSH" is incorrect. This is a problem, I think.

By

Emiliano

I understand that this seems to be the problem, that's the problem I'm having. I have the right credentials on the switch and in the Device Credentials Set. No other type of switch in our network has this problem, except for the Nexus 5000 series. All the other switches use exactly the same username and password.

Logging in to the SF-DERA-01 via the Cisco LMS server with SSH works, so I find it hard to believe that this is a credentials problem.

Hi Bart,

Can you send me the screenshot when you log in to the device? Use PuTTY only. I want to see the PROMPTS.

Are you using TACACS for Authentication on devices ?

Thanks

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Hi Afroz,

Here is the information you asked for:

Last login: Fri Nov 23 10:38:26 2012 from grnap100.nms

GRNAP401/sysadmin# shell

Enter shell password :

Starting shell...

[GRNAP401/root-ade ~]# ssh -l lmsuser 172.20.253.21

Password:

Last login: Mon Nov 26 12:43:35 2012 from grnap401.nms

Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license. Certain components of this software are licensed under

the GNU General Public License (GPL) version 2.0 or the GNU

Lesser General Public License (LGPL) Version 2.1. A copy of each

such license is available at

http://www.opensource.org/licenses/gpl-2.0.php and

http://www.opensource.org/licenses/lgpl-2.1.php

SF-DERA-01#

When logged into the device:

Last login: Mon Nov 26 12:43:35 2012 from grnap401.nms

Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license. Certain components of this software are licensed under

the GNU General Public License (GPL) version 2.0 or the GNU

Lesser General Public License (LGPL) Version 2.1. A copy of each

such license is available at

http://www.opensource.org/licenses/gpl-2.0.php and

http://www.opensource.org/licenses/lgpl-2.1.php

SF-DERA-01#

We use Cisco ACS 4.1 (RADIUS) for all network devices, but I also have the username locally in the network device configuration, if the ACS is not reachable.

Hi Bart,

I want to see the prompts while you log in to the device.

use ONLY Putty

Thanks

Afroz


Here are the screenshots you requested:

[banner not displayed here]

Hi Bart,

Edit this file: TACACSPROMPTS.in (location: NMSROOT\CSCOpx\objects\cmf\data)

The file should look like this:

USERNAME_PROMPT=
PASSWORD_PROMPT=

Edit it as below

USERNAME_PROMPT=login as:
PASSWORD_PROMPT=Password:

After this, run the device credential verification and see if it is successful for your TELNET\SSH.
If it succeeded, run the sync archive and see how it works.
Thanks
Afroz

Unfortunately, this is not working. Both the Device Credential Verification and sync archive fail. Have you got another idea how to solve this problem?

Hi Bart,

Checked the attached screenshot. Change the READ DELAY to 100 and then 300 (if 100 did not work).

go to  Admin > Collection Settings > Inventory > Edit the Inventory/Config Timeout and Retry Settings

select the Nexus device > edit device attribute > Inline Edit

Thanks

Afroz


Hi Afroz,

Still no luck, I'm afraid. I'm still getting the same error:

| Device Name | Read Community | Read Write Community | SNMPv3 | Telnet | Enable by Telnet | SSH | Enable by SSH |
|---|---|---|---|---|---|---|---|
| SF-DERA-01 | Ok | Ok | No Value To Test | Protocol not configured. | Did Not Try | Incorrect | Did Not Try |

rogerbeer
Level 1

bart,

i had the same issue with cattools; the problem appeared after an NXOS upgrade which changed the text displayed after the motd banner. specifically the Last login:... line, which makes the script react as if it had to send the credentials all over again

Last login: Fri Nov 23 12:40:50 2012 from grnap401.nms

try and figure out how to omit this phrase; in cattools it was a simple checkmark which had to be disabled.

regards

roger
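The failure mode roger describes, sketched as an added example that is not part of the original thread and is not LMS or CatTools code: a login driver with a loose prompt pattern reads the NX-OS "Last login:" line as a second credential prompt and reports an authentication failure, while a line-anchored pattern does not. The patterns, function names and the rule that a repeated credential prompt means rejection are assumptions; the transcript is constructed from the session quoted above.

```python
import re

# Constructed device output, modelled on the SSH session quoted in this thread.
GOOD_LOGIN = [
    "Password:",
    "Last login: Fri Nov 23 12:40:50 2012 from grnap401.nms",
    "Cisco Nexus Operating System (NX-OS) Software",
    "SF-DERA-01#",
]
# Constructed: the device asks for the password again, i.e. a real rejection.
BAD_LOGIN = ["Password:", "Password:"]

# Hypothetical prompt patterns, not taken from LMS or CatTools.
LOOSE = {
    "credential": re.compile(r"login|username|password", re.I),
    "shell": re.compile(r"[#>]\s*$"),
}
STRICT = {
    # The whole line must be a prompt: nothing may follow the colon.
    "credential": re.compile(r"^\s*(login as|login|username|password):\s*$", re.I),
    "shell": re.compile(r"^[\w.-]+[#>]\s*$"),
}

def classify(line, patterns):
    """Return 'credential', 'shell' or 'other' for one line of device output."""
    for kind in ("credential", "shell"):
        if patterns[kind].search(line):
            return kind
    return "other"

def drive_login(lines, patterns):
    """Replay device output through a minimal expect-style login driver."""
    # Assumed rule: a credential prompt seen after the password was already
    # sent means the device rejected it.
    sent = False
    for line in lines:
        kind = classify(line, patterns)
        if kind == "credential":
            if sent:
                return "auth_failed"
            sent = True  # a real driver would write the password here
        elif kind == "shell" and sent:
            return "logged_in"
    return "timeout"

if __name__ == "__main__":
    for name, pats in (("loose", LOOSE), ("strict", STRICT)):
        print(name, drive_login(GOOD_LOGIN, pats), drive_login(BAD_LOGIN, pats))
```

The anchored pattern still reports a genuine rejection (the repeated `Password:` prompt), so tightening the match does not hide real credential failures.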

Hi Roger,

I have no idea how to correct this in LMS. As far as I know, there is no option to correct this.

I also contacted our supplier with this question and they stated that the Nexus portfolio is only supported for Fault Management and Network Topology Layer 2:

http://www.cisco.com/en/US/partner/docs/net_mgmt/ciscoworks_lan_management_solution/4.2.2/device_support/table/lms422sdt.html

I find this hard to believe, as we are running a couple of Cisco Nexus 7000 switches which Archive Management can easily extract the running-config and startup-config from. Why this seems impossible for the Nexus 5000 switches, is beyond me.
