Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1599
Views
0
Helpful
4
Replies

Prime infrastructure 3.4 software image

milad.eslahchi
Level 1
Level 1

‎10-27-2018 11:33 PM

Hi everyone

we have Cisco prime infrastructure 3.4 installed in our organization. snmp v3 and ssh is configured on devices(Switches and routers) and PI. snmp access and ssh access from PI to devices are set and everything works fine and all devices are displayed with "Managed" label and green checkbox in inventory menu. The problem that drives me crazy is that when PI wants to grab IOS image from devices it has different behavior. In PI Software Image Management is configured as below:

Transfer protocol: SCP

Connection protocol: SSH

A user with privilege 15 with name of "prime" is configured for SSH connection.

AAA  and SNMP parameters are exactly the same on all devices  

here is the problem:

When PI connects to 2951 routers to grab IOS image, "prime" user logs in the router and perform below command:

copy flash://XXXX.bin scp://A.B.C.D (PI ip address) 

When PI connects to N5K switches to grab NX-OS image, "Prime" user logs in the switch and performs this command:

scp -f bootflash://XXX.bin

when PI connects to 6500, 4500, 3750, 2960 switches or 1001 ASR router, to grab IOS image, "Prime" user DOESN'T perform any command on devices but IOS image receives successfully.

Why does PI show different behavior toward different devices?

 

SNMP CONFIGURATION ON DEVICES:

snmp-server view prime-view iso included

snmp-server group prime-grp v3 priv write prime-view

snmp-server user prime-usr prime-grp v3 auth md5 XXX priv aes-128 YYY

snmp-server host A.B.C.D version 3 priv prime-usr

Labels:
0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎10-28-2018 12:32 AM

- I can only assume that Prime takes into accoutn the device-family's capabilities and retrieves IOS accordingly. Perhaps for more advanced devices the IOS is retrieve using SNMP (CISCO copy config MIB, as far as I can remember currently). So as long as it works, things are  probably not worrysome.

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

milad.eslahchi
Level 1
Level 1
In response to marce1000

‎10-28-2018 12:52 AM - edited ‎10-28-2018 12:53 AM

Dear @marce1000
the problem is that our security policy doesn't allow SSH from devices to PI. Therefore command: Copy flash://XXX.bin scp:// can't be successfully applied.

0 Helpful

marce1000
VIP
VIP
In response to milad.eslahchi

‎10-28-2018 03:47 AM

 

 - Then your security policy is wrong ; I mean if you acquire PI to manager your CISCO devices it needs to be incorporated into the security policy. Otherwise the investment makes no sense (if the  security policy would be that strong). Usually the PI server will have a 'steady' IP address  , including the switches (too). Hence the needed comm activity between PI and the switches should be incorporated into the security policies.

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

milad.eslahchi
Level 1
Level 1
In response to marce1000

‎10-28-2018 04:19 AM

@marce1000
my question is not answered yet. Why prime behavior is different toward different platforms?
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents