Solved: Re: Prime infrastructure 3.1 switchport description problem

NetworKing16 · ‎09-27-2017

I am still figuring out how to use prime 3.1 having never used anything like this before to speak of. I setup my switches with SNMPv3 using encrypted auth and privacy. Prime discovers or adds devices no real issue once configured with the needed SNMP info, and prime has a credential profile it can pull from. ?

I decided to start to do some testing of configuration changes today and ran into some issues. The first thing I did was go into the switch in our I.T shop to do some practice/test config changes using prime. I decided to modify my description on the uplink to our core switch. When I hit save the phones in the room went offline and I lost contact to the switch by the managment VLAN. I consoled into the switch and found somehow the VLANs on the uplink port were all purged when I saved the prime change even though I just left the VLAN settings alone that it had discovered.

I decided to test more by changing the description on a port with a phone on it and there was never issue with the phone going offline. I did find though when I put in a description in prime it does not seem to actally commit evne though it says it was saved in prime. I was hoping, but maybe wrong that this would change the port description on the switch also. It does not show in the switch side htough, and if the connected device is disconnected the description is purged from prime.

My SNMP setup is fairly simple 1 snmp group, 1 snmp user, different auth, priv passwords, using SHA and AES 128 alorithms. I have one CLI user created using the normal username secret command. All of the usernames, passwords are in prime also in a credential profile. This particular device I think I put in manually though.

I am starting to wonder if maybe prime has some fields that arn't really replicated to the switch, and/or even changed to persist through connection loss, etc. My other htought is maybe because I didn't do anything with SNMP view, MIB settings, etc maybe there is some issue where prime is just un-able to write to the switch propperly to save some of these settings.

Any ideas, the PI 3.1 admin book and userguide didn't seem to have anything regarding switchport descriptions. Any ideas what could be going on? Thank you!

Bill Longman · ‎09-28-2017

I don't think it's a CLI user issue, then, because like you showed above, you have sufficient authority and your other changes do work. You might want to open a TAC case to investigate further. The obvious sources don't seem to be relevant.

View solution in original post

Bill Longman · ‎09-27-2017

What kind of switch are you trying to configure? Which version is the OS on it? What exactly did you use to create the configuration changes? I'm assuming the user that you have configured has level 15 access.

That would help us to help you.

NetworKing16 · ‎09-28-2017

Cat 3850 switch
IOS XE? Version 03.06.05E RELEASE SOFTWARE

I made the console user with username secret command, did not specify privilige level for that.
I did not specify any SNMP views, MIB permisions, or any restrictions for SNMP user.

I don't see how to verify privilege level for these other users.

NetworKing16 · ‎09-28-2017

I logged in as the CLI user and did show priv it showed a privlege level of 15. I am not sure yet how to verify the SNMP profiles access levels. Being new to using this type NMS setup I don't know what parts use CNMP and what the CLI user is for in prime. I know SNMP can do a lot so I would guess the CLI user is more a backup connection, or maybe for doing scripts, etc.

NetworKing16 · ‎09-28-2017

#show snmp u

User name: YYY
Engine ID: ########################
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: XXXX

#show snmp group
groupname: XXXX security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

This is where I suspect my issue may be, but I can change vlans o na trunk with no issue on the same port, but somehow the description part is being a problem. Also the issue where the uplink trunk somehow purged it's VLANs makes me fairly nervous about my setup or using prime to modify configs.

Bill Longman · ‎09-28-2017

The CLI user is the one that PI will use for making the configuration changes. The SNMP user will be used for collection of device status and data.

NetworKing16 · ‎09-28-2017

Should I investigate the CLI user then as a possible issue? I can change soem settings, but the description part seems to be what don't save for some reason. I thought maybe it was just issue of character limit, etc but I put in "test" (all lower case) in the description and it still purged somehow so I don't think it is limit with prime or the switch not accepting it. It seems to be issue with the change writing to the switch as the switch never seems to show the new info even after like 5-10 minutes when I do show interface description on the port I modified.

Bill Longman · ‎09-28-2017

I don't think it's a CLI user issue, then, because like you showed above, you have sufficient authority and your other changes do work. You might want to open a TAC case to investigate further. The obvious sources don't seem to be relevant.

NetworKing16 · ‎09-28-2017