cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1168
Views
0
Helpful
4
Replies
milad.eslahchi
Beginner

Prime infrastructure 3.4 software image

Hi everyone

we have Cisco prime infrastructure 3.4 installed in our organization. snmp v3 and ssh is configured on devices(Switches and routers) and PI. snmp access and ssh access from PI to devices are set and everything works fine and all devices are displayed with "Managed" label and green checkbox in inventory menu. The problem that drives me crazy is that when PI wants to grab IOS image from devices it has different behavior. In PI Software Image Management is configured as below:

Transfer protocol: SCP

Connection protocol: SSH

A user with privilege 15 with name of "prime" is configured for SSH connection.

AAA  and SNMP parameters are exactly the same on all devices  

here is the problem:

When PI connects to 2951 routers to grab IOS image, "prime" user logs in the router and perform below command:

copy flash://XXXX.bin scp://A.B.C.D (PI ip address) 

When PI connects to N5K switches to grab NX-OS image, "Prime" user logs in the switch and performs this command:

scp -f bootflash://XXX.bin

when PI connects to 6500, 4500, 3750, 2960 switches or 1001 ASR router, to grab IOS image, "Prime" user DOESN'T perform any command on devices but IOS image receives successfully.

Why does PI show different behavior toward different devices?

 

SNMP CONFIGURATION ON DEVICES:

snmp-server view prime-view iso included

snmp-server group prime-grp v3 priv write prime-view

snmp-server user prime-usr prime-grp v3 auth md5 XXX priv aes-128 YYY

snmp-server host A.B.C.D version 3 priv prime-usr

4 REPLIES 4
marce1000
VIP Advisor

- I can only assume that Prime takes into accoutn the device-family's capabilities and retrieves IOS accordingly. Perhaps for more advanced devices the IOS is retrieve using SNMP (CISCO copy config MIB, as far as I can remember currently). So as long as it works, things are  probably not worrysome.

M.

Dear @marce1000
the problem is that our security policy doesn't allow SSH from devices to PI. Therefore command: Copy flash://XXX.bin scp:// can't be successfully applied.

 

 - Then your security policy is wrong ; I mean if you acquire PI to manager your CISCO devices it needs to be incorporated into the security policy. Otherwise the investment makes no sense (if the  security policy would be that strong). Usually the PI server will have a 'steady' IP address  , including the switches (too). Hence the needed comm activity between PI and the switches should be incorporated into the security policies.

M.

@marce1000
my question is not answered yet. Why prime behavior is different toward different platforms?
Content for Community-Ad