I have a number of devices such as Cisco Call Manager, or Cisco Wireless Controllers, etc that I want to remain in DCR but would like to exclude from the Config Archive process. Is there any way of excluding an individual device from this process?
Iam using LMS 3.2. In short, there is 2 type of router, 2800series and 2900series. These device already join to TACACS server. When I try to sync archive I got:
- failed on 2900series - successful on 2800series
I have doing same config (credential, snmp, protocol for sync archive), for those device on ciscoworks but why I find the error??
I'm having trouble syncing the config archive for some of my nodes.
I get the error 'partially successful' (see attatched PNG).
I've looked in the dcmaservice.log (also attatched), and I can see the extended error message:
[ Wed Jan 11 09:49:30 CET 2012 ],ERROR,[Thread-2137],com.cisco.nm.rmeng.dcma.configmanager.DeviceArchiveManager,getLatestConfigFileVersion,168,CM0021: Version does not exist in archive $1 Cause: Version may have been deleted [ Wed Jan 11 09:49:30 CET 2012 ],INFO ,[Thread-2137],com.cisco.nm.rmeng.dcma.configmanager.DeviceArchiveManager,getSysObjectID,425,SYS OID
I would like to check the file structure / permissions, but since I don't know what '$1' refers to, I'm stuck.
I have to config Lawful Intercept on 7600, IOS version 12.2(33)SRC6. Every step have be taken by "Cisco 7600 Lawful Intercept Configuration Guide".Such as: [code] So, config failed? or these objests should be created? or something?
If i connected the latop to brand new out of the box ASA 5505 through consloe cable and i have a config file on this laptop from other ASA5505, is there anyway i can upload that config file into startup-config of this new ASA5505 through console cable, without using TFTP or FTP?
I have a Cisco 2811 router and when I turn of the router the running config is lost. I have to the following to get the router running of the start-up config settings.
we have an LMS 3.2 in which it cannot archive the configuration for a couple of routers. The output is the following:
Failed to fetch the configuration. Check the dcmaservice.log for details. TELNET: Failed to establish TELNET connection to x.x.x.x - Cause: connect timed out.
The issue is that i have configured all devices to be accessed through SSH first and then through telnet. I have tested SSH access from LMS with putty.
I have a not-so newly installed LMS4.2 Linux appliance. Here is my configuration archive summary:
Config Archival Status No. of Devices Successful 7 Failed 1338 Partially Successful0 Total1345 Configuration Never Collected 1338
[Code].....
Which seems to mean that SSH does not work, which is false as I manually connects to the device from the LMS host successfully. Network devices access is authenticated against ACS servers using TACACS+ so there should be no problem with credential discrepency here.
I have a question about a daily archive sync job. I have the job set to run by device type groups. My question is, when I delete or add devices, will they automatically be added to the job?
I beleive in the past these devices could not be managed bij RME config management, but now it says in the supported device table:The following features are supported:Network Topology Layer 2 ServicesFault ManagementInventory CollectionConfiguration Deploy Protocols: TELNET, SSH, TFTP, RCPConfiguration Fetch Protocols: TELNET, SSH, TFTP, RCP.The password and enable pasword are correct and simply work when I try a telnet from the server.The gui is not CLI but menu driven.RME just says:TELNET: Failed to establish TELNET connection to 10.1.1.7 - Cause: Authentication failed on device 3 times. PRIMARY-RUNNING config Fetch Operation failed for TFTP. Could not detect SSH protocols running on the device.
I've inherited a server running Ciscoworks LMS 4.0 to manage our plethora of switches. Running 'Configuration > Configuration Archive > Synchronization' against a Catalyst 3750 switch called switch1 successfully retrieved the Running, Startup, and VLAN configs.Running the same command the following day on switch1 failed and returned this in the job execution result:Unable to get results of job execution for device. Retry the job after increasing the job result wait time using the option:Admin > Collection Settings > Config > Config Job Timeout Settings I modified the job result wait time setting to be 600 seconds, tried again and received the same timeout failure. I have also seen this same Failed message on other devices, but have never actually received the configs for them, so I feel switch1 is a better place to start.What are the first things I should check in CiscoWorks for a problem like this? Is there a particular software revision I should be on with LMS 4.0? What timeout value should be used for Archive Synchronization?
I am getting some weir behaviour in my LMS 4.2 setup. I am doing and Archiveupdate job and am receiving a partial success for roughly 1400 devices. Here is some output.
Execution Result: STARTUP CM0057 PRIMARY STARTUP Config fetch SUCCESS, archival failed for xxxxxx Cause: CM0210 Unable to generate processed config Action: Verify that archive exists for device. RUNNING
[code]...
I went on and checked the dcmaservice log file.I found the following entry at the same time of this particulair job
ERROR,[Thread-72920],com.cisco.nm.xms.xdi.pkgs.SharedDcmaIOS.analyzer.IOSConfigletRules,loadRules,42,Could not locate configlet rule file : com/cisco/nm/xms/xdi/pkgs/SharedDcmaIOS/analyzer/IOSConfigletRules.ser [ date taken out ],ERROR,[Thread-72920],com.cisco.nm.rmeng.dcma.configmanager.DeviceArchiveManager,archiveNewVersionIfNeeded,1115,CM0210 Unable to generate processed config
I then searched if I had the IOSConfigletRules.set file on the box. And no it is not there. My question is this the reasson that I have som manny partial sucess archive results?
In our organisation we have multiple Nexus 5000 switches, which Cisco LMS 4.2.2 cannot get the running-config and startup-config from with the Archive Management process. When it does try to get them, I get a error as follows:
*** Device Details for SF-DERA-01 *** Protocol ==> Unknown / Not Applicable Selected Protocols with order ==> TFTP,SSH,SCP
I am having Cisco 3845 series router with c3900-universalk9-mz.SPA.151-4.M2.bin IOS . I want to install new Licence on it for DATA. When i am trying to install licence on it i am facing the error "% Error: License installation failed with error: XML parsing failed".
On our cisco 3750 switches we can take config backups with the archive command. After every "write mem" it rights the config to our backup server. We would like to do this also for our asa 5520 with version 8.2(2). I also searched in the command reference guide, but I can't seem to find the proper command to do it.
The bootloader used by the device is U-Boot, which is also licensed under the terms of the GPL. Sadly these parts are missing from the source code package provided by D-Link. Therefore I am asking you to add the U-Boot sources to the provided archive or post them here in the forum.
I'm trying to do configuration archiving in Prime Infrastructure 1.2 with a 5508 WLC (7.4).The job always fails (Admin -> Background Jobs) with the following error (see attachement):"SNMP: Failed to establish SNMP connection xxxx - Cause: Device is Unreachable. Check the ReadOnly community string." I double checked the SNMP credentials, they do match. For testing I also added a Public community just for the PI. Same result.Am I missing something?Is this not intended for Wireless Controllers?
I can't install or extract any file or archive downloaded through shared connection from the 1st PC via a LAN ... tried new LAN and tried switch the LANs but doesn't work always a CRC error when extract an archive or file corrupted when install anything downloaded:this is what I tried so far
-tried download and extract on a 2nd installed windows (I have dual boot) and its same CRC error -tried another non built-in LAN card pci-E x1 and its the same CRC error -tried restore bios to default and its same CRC error -tried putting a laptop on the same line instead of my PC and it works no errors no problems
Currently my home network is being switched via TrendNet TEGs80G unmanaged gig switches. I have been using them for about a year now with no issues. As my home network becomes more advanced, I recently just added a Cisco ASA5505, I am thinking about swapping those unmanaged devices, 4 of them, to managed. I was looking at the Cisco SG300-10 for upstairs, and a 16 port variant for my main core. These devices do not support full Cisco IOS cli, but they are manageable with a rich feature set nonetheless. My question is, should I swap the unmanaged devices with the more expensive Cisco devices, or just keep what works and save the money until I really need to spend it. As previously stated, my home LAN works just fine as it is, however my WiFi, NTV550s, server and workstations are all on the same network. Probably not the most secure but it is what it is without VLAN support.
I have installed my new E4200 and it works beautifully. I have several wirelss adapters and a few wired connections through powerline adapters. I also have a second VPN router attached to the 4200.I can see the wireless connected devices with the associated IP addresses. If I plug a laptop directly into the Cisco, I can of course see it.However, I can see none of the devices attatched to the powerline devices? I have a securty cam connected via the powerline and want to know the IP address. I checked with cisco technical support via chat and they said it is impossible. I have used 2 previous routers with the same configuration and can see all devices.
All of a sudden my laptop, android phone and blu ray player (all wireless devices) can't communicate with my wired devices (marantz receiver and samsung tv). Everything still connects to the internet independently but i can't for instance play music from my wireless laptop to my wired marantz receiver. I had no trouble with this last week and didn't change anything (that I'm aware of) I did get Verizon to switch out my router but it didn't solve anything. My wife's computer also cannot connect to wired devices. Lastly, if I connect my laptop with via ethernet cable it sees wired devices fine. I tried shutting off windows firewall but didn't work. I have no other firewall/virus software installed. I can ping to all devices (wired and wireless) from my laptop.
I'm running into and interesting issue concerning a twice NAT config.
We have a remote site that needs to connect to a server cluster on our end. Using ASDM I have created a NAT rule that uses PAT to map our server addresses to a single IP (this is due to constraints placed on us by the remote site). This in and of itself shouldn't be a problem. The issue is that the VPN tunnel won't come up unless I also map an address to the remote site's sever.
Original Packet: Source Interface: inside Destination Interface: outside Source Address: Server_Cluster Destination Address: Remote_Server Service: any
Translated Packet: Source NAT Type: Dynamic PAT (Hide) Source Address: Mapped_Server_Cluster_Address Destination Address: Mapped_Remote_Server_Address Service: -- Original --
Within the Translated Packet section, if I set Destination Address to the actual remote server address nothing happens when I attempt to bring up the tunnel. However, if I map an address to the remote server, the tunnel begins to come up and then fails during phase two (as the mapped address doesn't match the addressing that has been defined in the remote end's connection profile).
Initially I thought the issue may be due to an IP addressing overlap since both sites are running similar numbers, but the default route statement on our ASA, should contend with this issue. Also, each time I change the NAT rule, I change the connection profile to match those changes.
So, ultimately, what I wish to accomplish is to allow connectivity between my site and the remote site without having to map another address to their remote server. How may I do this?
I have 2 office buildings using Cisco 800 series routers with a L2L VPN between both. I'm upgrading the router to an ASA5505 at one of the offices but can't figure out the L2L VPN on the ASA. Specifically, can't figure out how to set the pre-shared key. On the Cisco 800 it's:That doesn't seem to work on the ASA. Here is my current config on the Cisco 800. [code]
My understanding from the old config file was that any traffic coming from source 10.130.101.2 to destination 10.132.102.0 would NOT be translated and this shall remain the same in 8.4.How can I rewrote the NAT commands?
How do I turn off "logging esm config"? I tried conft no logging esm config and that worked for the moment, but when the switch reboots, or I run reload, it comes back.What does that do anyway? This switch was giving an out of memory error and seemed to be flooded with messages, so I trying to turn logging off/lower the log level.