11-23-2012 04:07 AM
Hi,
I’m currently at a loss here:
In our organisation we have multiple Nexus 5000 switches, which Cisco LMS 4.2.2 cannot get the running-config and startup-config from with the Archive Management process. When it does try to get them, I get an error as follows:
*** Device Details for SF-DERA-01 *** |
Protocol ==> Unknown / Not Applicable |
Selected Protocols with order ==> TFTP,SSH,SCP |
Execution Result: |
RUNNING |
CM0151 PRIMARY RUNNING Config fetch failed for SF-DERA-01 Cause: Failed to fetch config using TFTPFailed to establish SSH connection to 172.20.253.21 - Cause: Authentication failed on device 3 times. |
Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required. Verify if firewall configuration permits traffic from LMS to the device and vice versa for the protocols configured in Admin > Collection Settings > Config > Config Transport Settings. |
However, I have no problems when I try to login from our LMS server (GRNAP401) to the N5K switch. Our LMS server is the Appliance version. We have a user (lmsuser) for the LMS server that is configured on numerous switches, like Catalyst and other Nexus family switches. We only have this problem with the N5K switches.
[GRNAP401/root-ade ~]# ssh -l lmsuser 172.20.254.21
Password:
Last login: Fri Nov 23 12:40:50 2012 from grnap401.nms
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
SF-DERB-01#
LMS has found this switch via the Discovery method, and has identified that it is a N5K-C5010P. I have the following device package:
13. | 1.3.6.1.4.1.9.12.3.1.3.798 | Cisco Nexus 5010 Switch | Nexus | 7.0 |
As far as I can tell, this is OK as a version.
I have more switches in the 172.20.254.0/24 subnet including other Nexus switches, so I can say that TFTP and SSH are working.
Can somebody help me with this?
Thanks in advance!
11-23-2012 09:20 AM
Have you verified that the credentials used are correct?
Monitor> Troubleshooting Tools> Troubleshooting Workflows
Tasks "check device credential"
By
11-26-2012 12:22 AM
Hi Ferraro,
I did as you asked, but with no success.
Device Name | Read Community | Read Write Community | SNMPv3 | Telnet | Enable by Telnet | SSH | Enable by SSH |
SF-DERA-01 | Ok | Ok | No Value To Test | Protocol not configured. | Did Not Try | Incorrect | Did Not Try |
We do not use Telnet on our devices. However, we do use SSH and I checked that the LMS server can login into the SF-DERA-01 switch for its CLI.
I use the same user for all our network devices. I use only one Device Credential Set.
As a last resort, I used a username line of a working Cisco Nexus network device and pasted it in the SF-DERA-01, but with no success.
Could this be some sort of bug or am I missing something here?
11-26-2012 05:14 AM
From your screenshot, "SSH" is incorrect. This is the problem, I think.
By
Emiliano
11-26-2012 05:22 AM
I understand that this seems to be the problem, that's the problem I'm having. I have the right credentials on the switch and in the Device Credentials Set. No other type of switch in our network has this problem, except for the Nexus 5000 series. All the other switches use exactly the same username and password.
Logging in to the SF-DERA-01 via the Cisco LMS server with SSH works, so I find it hard to believe that this is a credentials problem.
11-26-2012 05:37 AM
Hi Bart,
Can you send me the screenshot when you log in to the device? Use PuTTY only. I want to see the PROMPTS.
Are you using TACACS for authentication on devices?
Thanks
Afroz
11-26-2012 05:50 AM
Hi Afroz,
Here is the information you asked for:
Last login: Fri Nov 23 10:38:26 2012 from grnap100.nms
GRNAP401/sysadmin# shell
Enter shell password :
Starting shell...
[GRNAP401/root-ade ~]# ssh -l lmsuser 172.20.253.21
Password:
Last login: Mon Nov 26 12:43:35 2012 from grnap401.nms
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
SF-DERA-01#
When logged into the device:
Last login: Mon Nov 26 12:43:35 2012 from grnap401.nms
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
SF-DERA-01#
We use Cisco ACS 4.1 (RADIUS) for all network devices, but I also have the username locally in the network device configuration, if the ACS is not reachable.
11-26-2012 07:05 AM
Hi Bart,
I want to see the prompts while you log in to the device.
Use ONLY PuTTY.
Thanks
Afroz
11-26-2012 07:12 AM
Here are the screenshots you requested:
[banner not displayed here]
11-26-2012 07:27 AM
Hi Bart,
Edit this file TACACSPROMPTS.in (location : NMSROOT\CSCOpx\objects\cmf\data)
The file should look like this:
USERNAME_PROMPT=
PASSWORD_PROMPT=
Edit it as below:
USERNAME_PROMPT=login as:
PASSWORD_PROMPT=Password:
After this, run the device credential verification and see if it is successful for your TELNET\SSH.
If it succeeded, run the sync archive and see how it works.
Thanks
Afroz
11-27-2012 04:44 AM
Unfortunately, this is not working. Both the Device Credential Verification and sync archive fail. Have you got another idea how to solve this problem?
11-27-2012 05:01 AM
Hi Bart,
Check the attached screenshot and change the READ DELAY to 100 and then 300 (if 100 did not work).
Go to Admin > Collection Settings > Inventory > Edit the Inventory/Config Timeout and Retry Settings.
Select the Nexus device > Edit device attribute > Inline Edit.
Thanks
Afroz
11-27-2012 05:58 AM
Hi Afroz,
Still no luck, I'm afraid. I'm still getting the same error:
Device Name | Read Community | Read Write Community | SNMPv3 | Telnet | Enable by Telnet | SSH | Enable by SSH |
SF-DERA-01 | Ok | Ok | No Value To Test | Protocol not configured. | Did Not Try | Incorrect | Did Not Try |
11-30-2012 06:40 AM
Bart,
I had the same issue with CatTools; the problem appeared after an NXOS upgrade which changed the text displayed after the MOTD banner, specifically the "Last login:..." line, which makes the script react as if it had to send the credentials all over again:
Last login: Fri Nov 23 12:40:50 2012 from grnap401.nms
Try and figure out how to omit this phrase; in CatTools it was a simple checkmark which had to be disabled.
Regards,
Roger
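The failure mode Roger describes, as an added illustration that is not part of the thread and is not code from LMS or CatTools: a scripted SSH login that recognises prompts by loose substring matching reads the "Last login:" line as a fresh credentials prompt and reports an authentication failure, while matching only whole prompt lines does not. The matcher tables, function names and replayed transcripts are hypothetical and constructed from the session output quoted in this thread.

```python
import re

# Constructed device output, modelled on the NX-OS session quoted in this thread.
SESSION = [
    "Password:",
    "Last login: Fri Nov 23 12:40:50 2012 from grnap401.nms",
    "Cisco Nexus Operating System (NX-OS) Software",
    "SF-DERA-01#",
]
# Same session without the "Last login:" line (as before the upgrade Roger mentions).
SESSION_NO_LASTLOGIN = [l for l in SESSION if not l.startswith("Last login")]

# Hypothetical prompt matchers (assumptions, not the tools' real patterns).
NAIVE = {"user": re.compile(r"login", re.I),
         "pass": re.compile(r"password", re.I)}
STRICT = {"user": re.compile(r"^(login as|username|login):\s*$", re.I),
          "pass": re.compile(r"^password:\s*$", re.I)}
SHELL = re.compile(r"^\S+[#>]\s*$")  # e.g. "SF-DERA-01#"

def attempt(lines, prompts):
    """One scripted login over replayed output; True if a shell prompt is reached."""
    password_sent = False
    for line in lines:
        if prompts["user"].search(line):
            if password_sent:
                # A credentials prompt after the password was sent is read
                # by the script as "the device rejected the login".
                return False
        elif prompts["pass"].search(line):
            password_sent = True  # the script would send the password here
        elif SHELL.match(line):
            return password_sent
    return False

def fetch(lines, prompts, retries=3):
    """Retry the scripted login the way a config collector would."""
    for n in range(1, retries + 1):
        if attempt(lines, prompts):
            return f"ok on attempt {n}"
    return f"Authentication failed on device {retries} times"

if __name__ == "__main__":
    print("naive :", fetch(SESSION, NAIVE))
    print("strict:", fetch(SESSION, STRICT))
    print("naive, no Last login line:", fetch(SESSION_NO_LASTLOGIN, NAIVE))
```

An interactive `ssh` login succeeds in all three cases because a person ignores the extra line; only the scripted prompt matching is affected.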
12-04-2012 01:59 AM
Hi Roger,
I have no idea how to correct this in LMS. As far as I know, there is no option to correct this.
I also contacted our supplier with this question and they stated that the Nexus portfolio is only supported for Fault Management and Network Topology Layer 2:
I find this hard to believe, as we are running a couple of Cisco Nexus 7000 switches which Archive Management can easily extract the running-config and startup-config from. Why this seems impossible for the Nexus 5000 switches, is beyond me.