cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4796
Views
6
Helpful
13
Replies

CAA - Having trouble starting a switch health assessment

John Vincent
Level 1
Level 1

I am having trouble starting a Switching Health assessment in CAA after discovering some of our switches...  We have a 3 tier design (4500 Cores ---> 4500 Distribution Layer ---> 3850 Access Layer switches.  I'm not able to select any switches from the drop down list.  they are all greyed out, with a message stating "Must rescan device".  Please see attached.

Also, I'm not able to select anything for the core level...  Is that because our 4500 model isn't a supported "core switch"?  I did also try just going to a 2 tier, and that didn't work either :-(

Thanks in advance for any assistance!

CAA_Issue.JPG

1 Accepted Solution

Accepted Solutions

Hi John,

We have looked at your log file and we can see the connection being made for the SSH connection but it looks like the login is failing. There are a few things that can cause that, one is a timeout, two is it is not a valid user/pass or not a level 15 and no enable password is available.

See this link to a page on our Cisco Active Advisor FAQ and Help page:

https://caa.freshdesk.com/solution/articles/5000010209-why-is-the-scanner-not-able-to-log-into-my-devices-

Make sure you are supplying a level 15 username/password, if not then an enable password also needs to be supplied. Also please adjust the timeout values to give it more time to login in.

If you could try and scan a device or two and see if it works. If not then please get us an updated log file.

Let me know how it works out,

Rowan McFarland

View solution in original post

13 Replies 13

Efrat Noy
Cisco Employee
Cisco Employee

Hello John,

Rescanning the devices is needed when CAA doesn't have complete information about the device, or enough information to process the Best Practices analysis.

These cases could occur when devices were discovered via SNMP, or via a file upload.

It could also be that these devices were scanned a while ago, so not all necessary information was collected at that time. When launching the Best Practices analysis, we've added more capability into the scanner, in order to support appropriate data collection.

I'd suggest you run a quick rescan of the devices that are missing information. It should not take very long to do, and you'd get the most updated information into your account.

I hope this helps. If not, please let me know.

Thanks,

Efrat

Hello Efrat,

Thanks for the info! How do I initiate a rescan?

Hi John,

Very simple.

  1. Go into your account on Active Advisor.
  2. From the Home screen click "Add Devices"
  3. Enter the IP addresses of the devices/IP range you'd like to rescan, and those devices' login credentials.
  4. Click "Scan my Network"
  5. Let the scanner run. Results will show on the page as they become available.

Once your devices are rescanned, you'd be able to run the switching best practices assessment as well.

You can also find many valuable articles on the scanning process on the CAA's help portal here: https://help.ciscoactiveadvisor.com/support/solutions/folders/5000039305

Please let me know if this works.

Thanks,

Efrat

I may have answered my own question ☺

I just kicked off another scan of the same IP ranges that I have in CAA now. I tried this before, but I had deleted the switches first to see if that would help. I’ll let you know how I make out.

Thanks!

JV

OK, cool. I think we crossed our answers

Let me know how it goes.

No go so far… I have rescanned my switches twice, but still not able to select them from the health check. Let me know if there is any more info that I could collect for you to help me out. ☺

Thanks again for the assistance thus far!

JV

Unfortunately when you scan your devices in using SNMP we are unable to collect the information we need to preform the health checks. SNMP only gives us some very basic information about the device and it takes more than that for the health checks. Same thing goes for manual input (via CSV or Excel)

If you rescan the devices without using SNMP it can then collect the devices configuration information that is needed. You will then be able to select the devices in the health checks.

You are correct, currently the 4500 switches are not supported as a core devices. Once the team that wrote the CVD supports this configuration we will support it as well. In the mean time check out the following links on exactly what devices are supported.

https://caa.freshdesk.com/solution/articles/5000641827-how-do-i-use-the-switching-best-practices-feature-

https://caa.freshdesk.com/solution/articles/13000002673-how-do-i-use-the-security-best-practices-feature-

Rowan McFarland

Rowan, thank you for the information.

When I try to scan the same range of IPs that I have been using with SNMP turned off, all of my devices come back as “unreachable”. I know that username/pwd that I am inputting is correct. Any thoughts on why my switches can’t be seen when SNMP is turned off?

So there are a few things to check.

First try to scan in a single IP address and see if that works. We have had a problem with the scanner missing devices when it scans an IP range. By scanning a single IP address this will tell us if you are running into this problem.

Second, try to ssh or telnet info one of your devices from your PC. This will verify that the path is fully open, could be that those types of connections may be blocked and the SNMP ports are not.

Also if you are still having problems please get me your log file to look at.

The log file is usually located in C:\Users\<UserName>\ActiveAdvisor.log or /Users/<UserName>/ActiveAdvisor.log (MAC)


You might want to open up a trouble ticket with us, it will also allow you to send us the log file.


Thanks,


Rowan McFarland

Attached is copy of my log file (zipped). I did try to scan just the single IP, and had the same issue. I can SSH from my PC to these devices with no issues.

HI John,

We are checking this internally. Rowan, I or someone else from our team will get back to you following our analysis.

Thanks,

Efrat

Great, thanks Efrat!!

JV

Hi John,

We have looked at your log file and we can see the connection being made for the SSH connection but it looks like the login is failing. There are a few things that can cause that, one is a timeout, two is it is not a valid user/pass or not a level 15 and no enable password is available.

See this link to a page on our Cisco Active Advisor FAQ and Help page:

https://caa.freshdesk.com/solution/articles/5000010209-why-is-the-scanner-not-able-to-log-into-my-devices-

Make sure you are supplying a level 15 username/password, if not then an enable password also needs to be supplied. Also please adjust the timeout values to give it more time to login in.

If you could try and scan a device or two and see if it works. If not then please get us an updated log file.

Let me know how it works out,

Rowan McFarland

Review Cisco Networking for a $25 gift card