Cisco Switching/Routing :: N5000 Possible Impacts Of Resync Database
Aug 23, 2011
Are there any harmful / unwanted impacts of executing resync-database on N5K? That command seems to be undocumented in the regular Nexus documentation but is mentioned here. Because I'm facing a similar issue it seems to be the solution, but I can't find any document mentioning possible impacts of running this command. Any possible harmful impacts, such as disrupting the traffic flow or messing up the running-config, of running this command?
I am running NX-OS image n5000-uk9.5.1.3.N1.1.bin on the Nexus 5020 platform. I have configured authorization with TACACS+ on ACS server version 5.2 with fallback to the switch local database. A user test with priv 15 is created on the ACS server, password test2. Everything works fine until I create the same username on the local database with privilege 0 (it doesn't matter if the user in the local database was created before the user in ACS or after), e.g.: username test password test1 role priv-0 (note passwords are different for users in both databases).
After I create the same user in the local database with privilege 0, if I try to connect to the switch with this username test and the password defined on ACS, I get only privilege 0 authorization, regardless of the fact that the ACS server is up and should be the primary way to authenticate and authorize the user.
spam up the boards with the same basic CCNA level stuff, but I have a couple of questions about ios differences, limitations, and references. I have the following three switches. One appears to be considerably dated in regard to software version. My confusion/ignorance stems from managing VTP settings.
When I set either 2950 switch as the VTP server, and the other as a client, the client inherits the server settings as expected. However the 2924 requires that I go into the vlan database from priv exec and manually set vtp client. That's pretty similar to setting any switch to client mode. The problem I am observing is that after setting the 2924 to client, it still doesn't inherit vtp version settings or pruning settings. I still have to manually configure those. Additionally, if I copy run start the 2924 after making these manual settings, and then reload the switch, all the settings are lost and it defaults back to server mode with all features disabled. From my searches, it looks like vlan information is stored in vlan.dat, but all the documentation I've found is on 12.1 ios which doesn't appear to use vlan database for vtp setup, meaning it might still be an issue, but not one I'm focused on at the moment.
Is the vlan database dumped at reload? I've read vlan.dat is stored in nvram and should be saved after a copy run start, but that is not the case for me. I have since set the 2924 as the server, manually configured the server from vlan database, executed copy run start, and reloaded the switch. Oddly, my manual settings saved from the reload, meaning I only lose settings when the switch is in client mode. Am I missing additional necessary client commands to save the config, or is this just a limitation of either the 2924XL or the 12.0 ios? On a related but completely out of scope topic, without a cisco service contract, how am I supposed to make heads or tails of all the different versions of ios, along with the letter-based features and what-not? I can't even find my 2924 in the list of platforms when searching for ios upgrades.
I am wondering what the limits per router are for creating VLANs in the vlan database. I have a 1801 router with the c180x-broadband-mz.151-3.T2 IOS and can't create more than 14 VLANs. How many does a 2800 router support? Why can't I find this information anywhere on cisco.com?
Just spoke to the TAC and didn't get the information needed. When configuring ip dhcp snooping database I am adding this to my configuration: ip dhcp snooping database scp://dhcpsec@192.168.1.50/home/dhcpsec/switch1.dhcp.database.txt. I assumed that to do this I would either specify the password on the command line, similar to the way it's done when using ftp/http, or that I would need to create a public/private key. I have enabled scp and can manually copy a file from the switch to the linux server. So I believe I have all the aaa commands correct. Cisco WS-C3560G-24PS System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE.bin".
For my LAN, I have created two VLANs: VLAN 10 for users and VLAN 20 for database servers. There are 15 LAN computers/laptops and 5 SQL database servers (Dell servers) connected through the same 24-port Cisco 2960 switch. That means 15 + 5 ports are occupied.
I have applied an access list on the Cisco switch to restrict communication between VLAN 10 and VLAN 20. But my main purpose in creating two VLANs is not any kind of communication or restriction. My main purpose is that user traffic does not disturb, choke or affect the database servers. What will I need to do for that? Is the VLAN concept sufficient for my concern, or will I need to buy a separate Cisco switch to connect the 5 database servers, or something else?
I need to generate an ODBC connection to the upm Datasource on LMS 4.1 running on Win2K8. I have successfully built connections to cmf, ipm and rmeng, however UPM keeps failing saying that the Database is not found.
Here are my settings.
Driver = CiscoWorks Embedded Database
ODBC Tab - Data source name = upm
ODBC Tab - Description = Device Performance
Login Tab - Supply user ID and Password is selected
Login Tab - User ID = lmsdatafeed (I have tried DBA as well)
Login Tab - Password = set using the password I established with the dbaccess.pl and dbpasswd.pl scripts
Database.Server name = upmEng
Network.TCP/IP = HOST=<lms server ip>;DOBROADCAST=NO;ServerPort= 43800
I validated the server port using netstat -a -b -o and matching up the PID with the UPMDBEngine process shown in the LMS Manage Processes window. Windows firewalls on the remote machine and the LMS server are off.
We are using CWLMS 2.6 on a UNIX machine. And recently we changed the SNMP String to our network devices. One of L2 switches keeps logging the following message:
%SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.x.x.1
Where 10.x.x.1 is ciscoworks LMS server. I found a solution on many sites that suggest resetting DFM database. I stopped first the daemon manager and tried to apply the perl script:
Can't locate CRM.pm in @INC (@INC contains: /usr/perl5/5.6.1/lib/sun4-solaris-64int /usr/perl5/5.6.1/lib /usr/perl5/site_perl/5.6.1/sun4-solaris-64int /usr/perl5/site_perl/5.6.1 /usr/perl5/site_perl /usr/perl5/vendor_perl/5.6.1/sun4-solaris-64int /usr/perl5/vendor_perl/5.6.1 /usr/perl5/vendor_perl .) at dbRestoreOrig.pl line 31. BEGIN failed--compilation aborted at dbRestoreOrig.pl line 31.
CRM.pm already exists in the path ENV{NMSROOT}/lib/perl/db
At line 31 of dbRestoreOrig.pl – the error – I found the following:
push(@INC, "$ENV{NMSROOT}/cgi-bin/dbadmin/pdbadmin"); use lib "$ENV{NMSROOT}/lib/perl/db";
I gave the system the path of NMSROOT and ran the script again but it gives me the same error “Can't locate CRM.pm”
We are desperately trying to set a custom password for our WCS database in order to use it for direct SQL queries (cumbersome over the web interface). To my knowledge there is a way to reset it; however, this password would be randomly generated and not available in plain text.
Until version 6 there was a feature to directly set a password via the dbadmin command.
I have done a WCS 7.0.220.0 to NCS migration prior to moving to Prime 1.2. I followed the instructions to export the WCS database via the export.bat all command and exported the database. However, when I import this zip file to NCS there do not seem to be any of the original WCS templates. All the maps and AP details have migrated but no templates.
I have tried the export again and ploughed through the resultant zip file looking for anything that looks like template files but there is nothing immediately apparent that looks like templates.
I tried to change my password for rmeng using the following command: ./dbpasswd.pl dsn=rmeng encryption=yes npwd=NEWPASSWORD
Here is the output from the dbpwdChange.log INFO: Start changing password for database 'rmeng'... Thu Sep 29 14:51:18 GMT 2011> INFO: New userinfo updated into database
Recently I installed LMS 4.1 accidentally on the C: drive, which, as a result, fills itself with a growing database and associated logfiles. How can I move both items to another drive safely? I already managed to move configs and downloaded software.
I have a 4402 being used as a DMZ anchor and we use WCS to allow our Helpdesk to create lobby ambassador accounts. Recently they have been getting error messages when attempting to create accounts. I am seeing the database maxed out at 2048. The docs state database entries are made up of MAC filters (don't use), AP MIC/SSC (don't use), dynamic interfaces (minimal), management users (2), local netusers (100 approx.) and excluded clients (none). So the numbers don't add up. I am on 4.2.61.0 code. I will say also that WCS shows a lot more netuser accounts than my anchor does, but nowhere near the numbers to max out the database. Is there some other criterion that counts against the database number? And what can I do on the WCS to ensure it is synced up against the DMZ anchor other than an audit?
I have a question about the basics of a high performance application and database server connection to each other. I have two servers, one application and one database server. Both of them are Windows 2008 R2 servers. I would like to connect them. What is the best configuration for quicker communication between them? Is it better to connect them through a network switch? Or directly connect them? Do I need to dedicate one of the ethernet ports on each server to separate their traffic to each other from the internet connection traffic?
I configured a PIX 525 for Easy VPN. About 100 to 200 people will use this service. I don't have much knowledge about RADIUS and TACACS servers. Is the local database enough for extended authentication or should I configure a server for it?
An attacker has configured his PC with a static IP address, but there is no such entry configured statically in the switch, nor in the DHCP snooping database. Now when he wants to generate traffic, will the switch block him, because there is no entry for his PC in the switch database?
Firstly, the ACS 4.2.1 for Windows database replication: does anyone have any documentation on the processes required? Secondly, I have a single system installed which is providing TACACS authentication for management access to a Cisco 5508 WLC; the controller prompts with a login box on connection to the web interface. When you put in the username and password pair the box comes back as if the authentication has failed. On the ACS I was unable to see any failed authentications, so I enabled passed authentication reporting and can see the user passing the process. The WLC is running software version 6.0.199.4. On the ACS I have added the extra two options within the TACACS interface configuration and have a ‘role1=all’ against both the user and the group the user is part of, so I am confused as to why the user is still denied access.
When I try to add new MAC entries to the WLC I get the following message: unable to add mac entry to database, reached max size. The problem is that when I look at the stats there are only 386 MAC entries and the database size was set to 1024 entries. The workaround was to increase the size of the database to 2048. Is there any way to clean up the database?
Just installed ACS 5.0.0.21. Monitoring and reports database was working, but now is not. When trying to open, I get "Monitoring and reports database currently unavailable. Trying reconnect in 5 minutes." From CLI "sho application status acs" gives me the following:
I have the following message in my CiscoPrime LMS 4.2.2 home portal: Discrepancies: Unable to connect to Data base. Probable Cause: ANIDbEngine process may be down.
We have recently upgraded acs 5.1 to 5.3 ( normal upgrade process), all secondary (ACS-B) was deregistered from primary (ACS-A , used as configuration server and log collector) and updated successfully. But while upgrading primary acs server was rebooted manually. But later primary server was re upgraded successfully to 5.3.
Just to ensure the database is not lost on the primary ACS (ACS-A), the primary ACS was registered to one of the secondary ACS (ACS-B). Initially ACS-A registered with ACS-B, and both ACS were showing the proper role: ACS-A (secondary) and ACS-B (primary). But the new primary ACS (ACS-B) is showing the new secondary (ACS-A) offline and replication pending. Whereas on Secondary ACS-B it shows primary ACS-A online and updated. But the ACS replication id is gradually incrementing. ACS system is in this system for last 2 days, but I am not sure if there is real replication happening at the backend. How long does it take to replicate completely? And how to check / verify the status of the upgrade?
If I have a database in Access 2007 containing around 1500 products, how could I link this to a web site so that the item has the correct price and, when an item is sold directly from the site, the stock level reduces? What programs would I need and how would I set it up? I have little experience in this field and generally deal with hardware.
How to migrate the db from ACS Windows 3.3 to ACS appliance 4.2.15? We are replacing Win 3.3 with appliance 4.2.15 as part of end of life. We have EAP-TLS/PEAP authentication. It has a huge number of records. Please suggest the steps to migrate the db from Win 3.3 to appliance 4.2.15. Do we need to upgrade Win 3.3 to Win 4.0 to Win 4.2 and then migrate to appliance 4.2?
We are wanting to use local database users to authenticate our SSH connections to our 6500 cores.
We have added the usernames and password into the 6500 using
username anameduser password astrongpassword or username anameduser secret astrongpassword
We were expecting the commands to be the same as on other IOS devices, for example on a C3750 we would add:
line vty 0 4
 login local
And this would allow us to use the local user database to authenticate our ssh sessions.
The login local commands are not available on the 6500s and we have not found any documentation on how to implement a local database for this purpose except in a CatOS 6500.