ISE 1.3 or Prime 2.1 NFS Backup to Synology NAS

Similar Messages

• Cisco Prime 2.1 HA and NFS backup

  Hi,
  I've just configured my Cisco Prime with the external NFS backup server using instruction from the Administration Guide,
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/administrator/guide/PIAdminBook/backup_restore.html#pgfId-1085464
  all works fine but I'm wondering what about HA server? Should I configure all the same steps I did on a primary server?
  Regards
  Gunter

  No, this instruction is for how to configure backup server and how to configure Cisco Prime to be able to use NFS for backup files. It works, I did this and there was no problem during the configuration. The only thing I'm wondering is that I did this on the primary Cisco Prime and not on the HA CP server. So what will hempen if the primary fail and the HA switch over as a primary? Should I configure the same repository on it, should I enable NFS on the HA server also?

• Cisco ISE 1.2 - NFS Backup

  I'm trying to use NFS to backup Cisco ISE on a schedule but I'm having difficulty.  I'm not sure what the settings should be or the proper syntax.          

  Hello David,
  Please share your ISE running configuration to find and verify syntex.
  Source or destination URL for an NFS network server. Use url nfs://server:path1.
  Server is the server name and path refers to /subdir/subsubdir. Remember that a colon (:) is required after the server for an NFS network server.
  Also please reverify below required format:
  The path must be valid and must exist at the time you create the repository. The following three fields are required depending on the protocol that you have chosen.
  –ServerName—(Required for TFTP, HTTP, HTTPS, FTP, SFTP, and NFS) Enter the hostname or IPv4 address of the server where you want to create the repository.
  –Username—(Required for FTP, SFTP, and NFS) Enter the username that has write permission to the specified server. Only alphanumeric characters are allowed.
  –Password—(Required for FTP, SFTP, and NFS) Enter the password that will be used to access the specified server. Passwords can consist of the following characters: 0 through 9, a through z, A through Z, -, ., |, @, #,$, %, ^, &, *, (, ), +, and =.

• Synology NAS: no NFS support for encrypted folders / alternatives ?

  Dear all,
  I recently bought a Synology DS710+ NAS. It comes with DSM2.3, and I am a bit disappointed to notice that encrypted shared folders cannot be exported using NFS. This is a problem since I need uid/gid and file permissions to be fully preserved, and that it's not the case with CIFS or AFP.
  Why such a limitation ? Can you think about reliable alternatives ?
  Cheers,
  Aurélien.

  Might not be helpful since I know NOTHING about synology devices...
  A friend of mine managed to make his setup with synology sweet and i believe he customized NFS/network shares.
  http://befreely.blogspot.com/2010/04/nas-setup.html
  https://sites.google.com/a/befreely.dyn … x/synology
  Let me know if it helps!
  Last edited by anthonyclark (2010-09-24 01:11:17)

• Prime Infrastructure Controller Configuration Backup

  Hi,
  Does anyone know if its possible to send controller configuration backups to a specific folder on a FTP server?
  Currently PI backs up all the controller configs to the root directory of my FTP server. It would be really good if I can specify a folder to store the configs within Prime. Perhaps I should be backing up the configs a different way?
  Thanks,                  

  I having problem with my Controller Backup.
  When a try witch CLI to make my Backup i get this.
  mgmt-cncs/admin# backup test repository wcs-ftp-repo
  % Creating backup with timestamped filename: test-130619-1202.tar.gpg
  INFO : Cannot configure the backup directory size settings as the free space available is less than the current database size.
  You do not have enough disk space available in your repository to complete this backup.
  DB size is 48 GB
  Available size is 30 GB
  Please refer to the command reference guide for NCS and look at the /backup-staging-url/ command reference to setup the backup repository on an externally mounted location
  Stage 5 of 7: Building backup file ...
  -- complete.
  Stage 6 of 7: Encrypting backup file ...
  -- complete.
  Stage 7 of 7: Transferring backup file ...
  -- complete.
  Is Backup first trying to make a local file and then send it to the repository?
  Because i have only 30 GB local disk.
  Usage for disk: filesystem
                   180752384 bytes total used
                 28549025792 bytes free
                 30293413888 bytes available

• CS-Mars NFS Backup

  Dear all,
  i am using NFS sharing folder(located on a server) in order to backup cs-mars events.
  the space on the server is full, i tried to extend the server with an external hard disk(usb connection) where i created an NSF sharing folder, but solution failed.
  it seem the folder should be located on an internal hard disk.
  so i have to add and connect a new hard disk on board. any other suggestion?
  one more thing, i am trying to move NFS shared folder containts to a new location, but cuting files is not allowed. i stoped the nfs sharing on the folder but the same issue (not allowed). i changed the nfs folder to a new folder with cs-mars, but also i am not able to cut or delete the files on the first nfs sharing.
  please advice how may i delete those files. (one pna file is kept on all day folders and i am not allowed to delete it, access is denied).
  thank you

  Hello
  If its  a Windows box, download something like Proccess Explorer and find the file/handle locking the NFS archive files and then stop that process, you can then copy/move them anywhere you like
  http://technet.microsoft.com/en-us/sysinternals/bb896653
  For *nix, check the file permissions (ls command) and then use chmod to modify accordingly
  Regards
  Farrukh

• Redirecting LR5 from prime image location to backup location?

  I have two 3TB external drives (Drive E & F) running on my PC (Window7), Drive E has all of my images (~60k) and Drive F is used as my backup where I copy over almost all of the files (some are silly images that I don't care if I lose). Drive E just crashed. How do I now redirect LR5 to link up with my backup Drive F?  As a side note - I backup my LR settings on my core drive, which is also where LR5 resides.  Thanks, bill

  One way would be to change the drive letter of F: to E: assuming the path on F: is the same as was on E: aside from the drive letter.
  The LR way is to right-click on the top-level folder(s) and choose Locate Missing Folder or whatever the exact phrasing is, nowadays, then browse over to the copy on F:.

• Prime Infrastructure 1.3 backup

  Hi,
  I have issue to backup our PI 1.3.0.20, from the GUI (admin task/NCS backup) failed with the below error message on the log:
  Apr 24 15:42:39 srvapip01 logger: warning:[backup-app.sh] application backup script did not backup any files.
  Apr 24 15:42:39 srvapip01 logger: warning:[backup-app.sh] backup file backup-20140424-0332.tar.gpg was not created as no application data exists for this backup
  Apr 24 15:42:39 srvapip01 debugd[3423]: [10749]: backup-restore:backup: br_backup.c[515] [daemon]: appcomponent backup script failed
  Apr 24 15:47:01 srvapip01 debugd[3423]: [21140]: logging: logutils_cli.c[530] [admin]: ADE Got cfg: Server localhost location /var/log/ade/ADE.log loglevel 6 islocal 1
  And from the CLI with error message below:
  % Creating backup with timestamped filename: NCS-BCK-Toto-140424-1634.tar.gpg
  INFO : Cannot configure the backup directory size settings as the free space available is less than the current database size.
   /opt partition space looks good proceeding with backup
    Stage 1 of 7: Database backup ...
    -- complete.
    Stage 2 of 7: Database copy ...
    -- complete.
    Stage 3 of 7: Backing up support files ...
    -- complete.
  Not enough space for NCS backup
  Backup database failed.
  % Internal error: couldn't create backup file
  I reload/stop/start/clenup etc…. and still have same issue, don’t find any doc or info by googling.
  I have to upgrade to version 2.1 that was released yesterday but before want to get a up to date backup.
  Thanks for your help

  I have never used a full path, but I have specified what folder the login account will use. Maybe that's what you should do.
  NCS-User folder:
  ftp://server/IT/Wi-Fi/Backup
  This way you don't have to out a full path in the URL for the repository.
  Sent from Cisco Technical Support iPhone App

• ISE and prime infrastructure 1.2

  Hi
  I have ISE 1.1 withc many access devices added (catalyst 2960,3760, AP and controller)
  I installed Cisco prime 1.2 and added my ISE (Design-> External Management Servers -> ISE Servers.) and access devices
  I need to monitor all ISE information and configuraton from prime
  But I dont see any information comming from the ISE
  Is there any additional configuration that should be donne on the Prime or ISE to monitor all ISE information on the prime
  Please advise

  Hello,
  The link below might help you out in solving your query:-
  http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.2/configuration/guide/clientmgmt.html#wp1288722

• ISE and Prime Integration

  Dear All,
  I have ISE nodes in distributed environment.
  1) Added PRI & SEC Monitoring node in Prime under Administration --> Servers -->ISE Servers. 
  By doing this i am getting ISE reports under Reports Launch Pad.
  2) On ISE Administration --> System --> Logging --> Remote Logging Targets (Prime <IP address>, Port: 514, Facility:Local 6, Target Type: UDP syslog)
  But i am unable to get any ISE syslog on the prime.
  Can anyone tell me how to see the syslogs of ISE in Prime ? 

  Thanks for your reply.
  I have added third party syslog ip address on ISE as Remote logging. But i am not receiving AAA Passed/Failed logs whereas other system logs are being received. 
  Having Local 6 as facility code. any help?

• ISE 1.1.2 : Missing field to name an endpoint

  Environment :
  AP 2602, WLC 5508 V7.4, ISE 1.1.2, Prime Infras 1.2
  For a specific SSID, we use MAC address as 1 of the conditions to authorize access only for the company-owned mobiles (smartphones and tablets), the other condition being, for the mobile, to present a valid AD user/password;
  this way, the so-called BYODs are rejected since this is the rule within this company ;
  The difficulty with this approach is the fact that there is no way in ISE Identities Endpoints nor Groups to associate a user-friendly name to the MAC address of the mobiles, which makes very tedious some actions such as a search in the ISE authentication Log based on the MAC address value itself;
  the question is just to know if it is planned to add a new field  in Identities Endpoints definition that would allow to associate a user-friendly name to a MAC address, for future ISE versions,
  thanks in advance

  This seems like a no-brainer to me. Not being able to name or at least note endpoints makes management a nightmare.

• ISE + PI FIPS certification : bug CSCup43507

  Symptom:
  ISE in FIPS and we are trying to integrate it with Prime Infrastructure.
  Conditions:
  ISE in FIPS and we are trying to integrate it with Prime Infrastructure.
  Workaround:
  Disable FIPS on ISE
  Really...you want us to tell the customer that they should have to disable FIPS on their ISE deployment to get Prime to work with it? That is a ludicrous suggestion at best. The customer has very specific requirements that mandate the FIPS configuration, and they are not going to switch it off to allow PI to play nice.
  What is the technical reason that PI can't talk with ISE in FIPS mode?
  Where is the reasoning in this bug report to support the workaround suggested?
  When (if ever) will this bug be fixed?
  Should we be recommending some other software suite other than Prime for our large government customers that want to manage their network that includes ISE running in FIPS mode?

• ISE and PI Integration

  Dear All,
  What are the configuration required on ISE to integrate with Prime 1.3.0.20?
  On PI side, I have added ISE in the below path
  Design-> External Management Servers -> ISE Servers.
  Apart from this anything else to be done on PI..?
  Thanks in advance.

  The stuff to do on the ISE is set up as a Radius Server for your client authentication. When ISE acts as a radius server, Prime Infrastructure collects additional information about these clients from Cisco ISE and provides all client relevant information to be visible in a single console on PI.
  The point to remember is that PI is a management sloution for wired and wireless clients, while ISE acts as ACS and NAC combined. Recall that ACS on its own could not do posture validation without NAC.
  Cheers

• RMAN, RAC, NFS, and server lock ups

  Good day. My environment is:
  --a 2-node RAC
  --Enterprise Edition 11.2.0.3
  --RHEL 5.1
  The goal is to use RMAN to push backups to a shared NFS mount (on a different server). Both nodes will have access to this location (in the event one node goes down, the other can still run backups). Easy, right?
  Wrong.
  I've tried every NFS mount option in the book. Most work just fine, some don't. When I use the recommended NFS mount options:
  rw,bg,hard,nointr,rsize=32768,wsize=32768,tcp, vers=3,timeo=600, actimeo=0
  or
  rw,bg,hard,nointr,rsize=32768,wsize=32768,proto=tcp,noac,forcedirectio, vers=3,suid
  The mount works normally. I can "ls" and "mkdir" and "touch" and "vi" and "cp" files back and forth from the NFS backup location to the RAC node all day long. No problems. However, when I try to do almost anything in RMAN which requires writing to the NFS backup location such as the command "backup archive all delete input;" (or even things as simple as a Crosscheck or RMAN configuration change which writes any changes back to the autobackup ControlFile) the node locks up. There are no errors (or if there are, I don't know where to find them), even when I use RMAN log.
  Just to recap: I run a Crosscheck (or any RMAN process that writes to the NFS backup location), the node will lock up, and I can let it sit for a day, inaccessible, with CRSCTL on the other node saying it's offline, and the node will never come out of a "frozen" state. It cannot be pinged or connected to.
  I think I can safely rule out NFS mount options at this point.
  I understand (after extensive reading of MOS docs and testing) that RAC RMAN can and does suffer from inefficient I/O when writing to an NFS mount. I don't think that's the culprit either. The autobackup ControlFile is not that big and I cannot see how running a simple Crosscheck would lock an entire node.
  I am hoping someone has encountered this in the past and hopefully it's just a simple misconfiguration somewhere.

  My NFS line in /etc/fstab is (these options are for supporting 11.2.0.3, 11.1.0.7, and 10.2.0.4/5 simultaneously): server.domain:/NFS_Export /backup nfs rw,bg,hard,nointr,rsize=32768,wsize=32768,tcp,actimeo=0,vers=3,timeo=600 0 0
  Before you installed GI, did you by chance do a yum update? I've encountered a similar issue which ended up being due to mkinitrd creating a corrupted kernel; mkinitrd is invoked during the GI installation when the ADVM drivers are added and in my case mkinitrd created a new kernel prior to the new kernel being installed. Second to that, make sure you have the matching kernel headers to your kernel version. If they are different then you could probably get away with just creating a new kernel with mkinitrd and relinking GI/RDBMS homes, but be prepared to wipe GI and reinstall.

• Cisco ISE with both internal and External RADIUS Server

  Hi
  I have ISE 1.2 , I configured it as management monitor and PSN and it work fine
  I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously
  So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server
  I will like to know if it is possible to configure it and how I can do it ?
  Thanks in advance for your help
  Regards
  Blaise

  Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
  Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
  The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.