Network Device Configuration

We use Cisco ACS 3.3 and I was wondering if there is a way to bulk import devices into the network configuration area instead of manually putting one in at a time?

Absolutely is.....
csutil cmd line utility:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a48.html#wp531298
or
dbsync odbc import:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dec0.html#288005
Of the two, csutil is the easiest to get working, but is limited in what it can set. Basically it will add a device of a given type with a specific shared key and IP address - but that's it.

Similar Messages

  • LMS 4.2 Network Devices configuration requirement

    I have installed LMS 4.2 and used a NAT IP to discover; it found a WS-6513 but cannot poll inventory.
    I searched for a document about the configuration needed on network devices such as switches, routers, ASAs, etc. to support LMS.
    But I cannot find it. Does anyone have an example configuration or a document about this?

    Given that you have verified the SNMP RO community string and assuming you have a Supervisor 720 as noted in the compatibility matrix, you should be able to pull inventory.
    As a next step I would check what is going on when you actually try to retrieve inventory.
    Go into Device Center for your switch and select Tools > Packet Capture. Create a capture using the IP address of your switch and choose application SNMP (udp161). Give it adequate time, say 10 minutes (600 seconds). Then go back into Device Center and choose Tools, Update Inventory. Once the Job Browser indicates the job is done (or failed), go back into the Packet Capture window and examine the traffic captured (the jet file can be opened in Wireshark).
    A successful Inventory update consists of a series of get and get-bulk requests and associated get responses from the managed device. If it's failing, there should be some response early on in one of the frames from the capture.

  • Network device configuration for SCOM 2012 Network Resource Pool

    We are planning for two management servers in a Network Resource Pool.
    So(considering failover situation) to send traps to both devices do we need to configure both management servers as SNMP servers on these devices?
    If yes, Then it will definitely need double traffic for sending traps to two devices, isn’t it?
    What SNMP server name we should use while configuring devices?
    Thanks,
    Vinayak

    Hi,
    >So(considering failover situation) to send traps to both devices do we need to configure both management servers as SNMP servers on these devices?
    Yes, you need to configure both management servers as trap receivers.
    >If yes, Then it will definitely need double traffic for sending traps to two devices, isn’t it?
    That's right.
    http://OpsMgr.ru/

  • Where is a part of configuration archive file of network devices

    Hi everyone,
    Today I installed Cisco Prime 2.1 for my customer, but I'm having trouble with backing up configuration files. Originally my customer used LMS to back up router/switch configurations, and they could copy the configuration files from local disk to backup storage at any time they wanted, but now that they use Prime 2.1 they do not know where the program saves the configuration files (.txt or .cfg) on the local disk. Prime 2.1 is the appliance box and we can log in as root to see the Linux part.
    I don't know exactly whether Cisco Prime saves the backup configuration to a database file (such as an SQL file) or a text file (.txt or .cfg), and if it saves it as text, I would like to know where the backup configuration files are so that I can access them to copy via FTP.
    Thank you for advice,

    Hi ,
    Right now this feature is not available in PI , enhancement has already been filed to address this issue:
    transferring device config archive from PI to other server is not supported and currently
    there's no way to achieve this.
    Previously, the following enhancement bug was previously raised but I'm not sure whether
    this feature will be announced from the further PI version or not.
    CSCud84458 Need separate folder for config archives to be stored on NCS/PI
    Symptom: Device Configuration can not be retrieved from NCS/Prime Infrastructure using CLI
    or an LMS 'shadow' directory equivalent
    Conditions: PI 1.x and 2.0 are affected by this limitation.
    Workaround: None
    Further Problem Description: Unlike precursor products, such as LMS, device configurations
    are not natively stored in the filesystem and are rather stored in the inbuilt Oracle DB
    as BLOB objects.
    Thanks-
    Afroz

  • How to stop ACS integrated AD users to login in AAA clients(network device)

    I have ACS 4.2 Appliance which is integrated with Active directory.
    AD users are able to log in to network devices. Is there any way so that I can stop AD users and other local users from logging in to AAA clients (network devices)?

    These types of configurations are a two-way street. ACS must be configured to actually perform the authentication/authorization, and the AAA clients must also be configured for authentication/authorization. I would look at the AAA client configurations, first.
    What kind of AAA clients are we talking about? Cisco switches, Cisco WLCs? Switching gear from other companies?
    For Cisco switches, lines like the following will tell them to use your ACS server for administrative user auth (RADIUS or TACACS+, respectively):
    aaa group server radius rad_admin
     server xxx.xxx.xxx.xxx
    aaa group server tacacs+ tac_admin
     server xxx.xxx.xxx.xxx
    If your AAA client is a WLC, then you need to uncheck the "Management" box where the RADIUS server is defined for authentication (Security -> AAA -> RADIUS -> Auth).

  • ISE 1.2 network device editing

    I have upgraded to ISE 1.2 and the latest patch and noticed a bug where editing network devices, you are unable to save changes as the "Save" button is greyed out. It also appears to have SNMP unchecked for all devices even though there is configuration for them.

    Hi
    Make sure that you have defined Security Group Access (SGA)-enabled devices in Cisco ISE to process requests from SGA-enabled devices that can be part of the Cisco SGA solution. Any device that supports the Security Group Access solution is an SGA-enabled device.
    SGA devices do not use the IP address. Instead, you must define other settings so that SGA devices can communicate with Cisco ISE.
    If you are importing network devices from a previous release, note that you cannot import network devices into Cisco ISE, Release 1.2 that were exported from previous Cisco ISE Releases 1.1 and 1.1.x, as the import templates for these releases are different.
    You can import a list of device definitions into a Cisco ISE node using a comma-separated value (CSV) file. You must first update the imported template before you can import network devices into Cisco ISE. You cannot run an import of the same resource type at the same time. For example, you cannot concurrently import network devices from two different import files.

  • How to import network devices on ISE 1.2

    Hi, experts,
    I'm trying to import network devices on ISE 1.2.0.899
    so I downloaded the template and opened with notepad and wrote all the necessary information.
    and I tried to upload to ISE, and it just said import failed. no reason..
    does anyone know how to do it ?

    Hi jiyoung
    This import failed error might occur due to following reasons so please make sure that :
    You are not running two import jobs of the same resource type at the same time. For example, you cannot concurrently run two import jobs to import network devices from two different import files.
    Moreover, please make sure that while configuring the network devices you are performing the job from a super admin or network device admin group.
    Best Regards:
    Muhammad Munir

  • Failover Cluster Validation Report Error with IBM USB Remote NDIS Network device

    We are setting up Microsoft Windows Server 2008 R2 Failover Cluster on IBM X3850 X5 and get errors in the Failover Cluster Validation Report because the IBM USB Remote NDIS Network Device is using APIPA addresses and both servers are using the same APIPA address.
    How should I configure the Server and OS for the Failover cluster to be MS approved?
    IBM don't recommend that I disable the Network device, but it is a possible solution!?!

    What I did was use ipconfig /all to see the settings it is using and then went and set the IP setting on the NDIS driver to be that, except I increment the last value by 1 for each node so that they do not have the same IP address. I ran the cluster validation again and it came up clean and I have not experienced any issues yet. It does give warnings about it being an Automatic Private IP Address and should not be used, which is ok because we are not going to use it anyways.
    Rich Baumet

  • How to discover network devices?

    We have a SCOM2012R2 management group with 6+ management servers. If I want to configure discovery of network devices,
    1. can I use "All management servers" pool to discover them? or
    2. Can I specify/reserve two of them just to do the discover and manage those network devices (a handful devices), and how?
    3. If I create a resource pool contains only those two MSs, do I need to remove them from "All management servers" pool?

    Yes, you can create one discovery rule per management server or gateway server.
    http://blogs.technet.com/b/ptsblog/archive/2011/11/28/network-monitoring-with-system-center-operations-manager-2012.aspx
    Operations Manager supports monitoring of the following number of network devices:
    2000 network devices (approximately 25,000 monitored ports) managed by two resource pools
    1000 network devices (approximately 12,500 monitored ports) managed by a resource pool that has three or more management servers
    500 network devices (approximately 6,250 monitored ports) managed by a resource pool that has two or more gateway servers
    Also you can refer below link
    http://technet.microsoft.com/en-us/library/hh212935.aspx

  • AAA authentication for networking devices using ACS 4.1 SE

    Hi!!!
    I want to perform AAA authentication for networking devices using ACS 4.1 SE.
    I do have Cisco 4500, 6500,2960, 3750, 3560, ASA, CSMARS, routers (2821) etc in my network. I want to have radius based authentication for the same.
    I want telnet, ssh and console attempts to be verified by the radius server, and if ACS goes down then it will be via the local enable password.
    For all users i need to have different privilege levels based upon which access will be granted.
    could u plz send me the config that is required to be done in the active devices as well as ACS!!!!

    Pradeep,
    Are you planning MAC authentication for some users while using EAP for others?
    For MAC authentication, just use the following in your AP.
    aaa authentication login mac_methods group radius
    In your AP, select the radius server for mac authentication. You must have already defined your ACS as a radius server.
    In your SSID configuration, under client authentication settings,
    check "open authentication" and also select "MAC Authentication" from the drop-down list.
    If you want both MAC or EAP, then select "MAC Authentication or EAP" from the dropdown.
    Define the mac address as the username and password in ACS. Make sure the format of the mac is without any spaces.
    You will not need to change anything in XP.
    NOTE: XP normally does not require user authentication if machine has already authenticated but it might behave differently. If it does, I can let you know the registry settings to force the behaviour change.
    HTH

  • More than 4 network Devices - how do i connect?

    Hi,
    I have a new Home Hub 4 and I am currently using all the outlets for my network devices. I now need another connection in my lounge for my Blu-ray player, but I obviously do not have any more network connections available?
    I have an old Home Hub 3, could I swap the connection to the spare LAN2 at my modem and put the Hub 3 on the other end and then have 4 connections available instead of the original 1?
    I am a novice at this and would appreciate any help to solve my current problem - diagrams would be very useful.
    Regards
    Rob

    > Disable the wifi card on your computer/laptop as you don't want to change settings on the master hub by accident.
    > Power on the old hub but do not connect it to the phone line, just plug it into the wall and connect an ethernet cable from this to your computer.
    > Navigate to 192.168.1.254 in your browser; this will bring up your hub configuration page.
    > Go to Advanced - Firewall - Configuration - Disable.
    > HUB 4 AND 5 ONLY: Go to Advanced - Home Network - Smart Setup - Disable.
    > Go to Advanced - Home Network - IP addresses - In the IP address box type 192.168.1.10 and then click on DHCP server disable - apply. (Do both steps then hit apply or you will lose connection and it will be difficult to get back)
    > Now plug the old Hub into the main hub via ethernet or powerline network plugs and voila, you have an access point.
    At this point you will have 2 separate wireless networks broadcasting 2 names (SSID) and using 2 different wireless keys, which itself is not a problem, just point your devices at the one you want to connect to and it will work. However, now would be a good time to set yourself a nice custom SSID and wireless key that you can remember easily, and to do this follow the instructions below.
    To set the master Hub go to 192.168.1.254 in your browser.
    To set the slave Hub go to 192.168.1.10 in your browser.
    Instructions are the same for both.
    Go to Advanced - Wireless - and now set SSID - Wireless key to a custom choice. If you are using the same SSID and key for both hubs, make sure you set the same security type or devices may not be able to connect to one or the other.
    Below applies to secondary hubs only and your main hub will have the same status lights as normal.
    On Hubs V2 and V3 you will be left with just the wireless and power lights illuminated; the broadband light will be off.
    Hub V4: your status light will be orange and your broadband light will flash constantly; this is normal.
    Hub V5: your status light will be orange and the broadband light will flash constantly, however occasionally the status light will flash as if it's trying to connect; again this is normal and does not affect operation.

  • SCOM 2012 Alerts for Ping Network Device

    Hi
    I have SCOM 2012 and configure Rule for Ping my Network Device.
    My question is, How to Configure Alert for send mail when timeout is detected on Rule?. Step by step documentation? I see tab Alerts on the monitor but Generate Alerts option is greyed out. 
     thanks.

    More info:
    How to test email notification settings in Operations Manager
    https://support.microsoft.com/kb/934756?wa=wsignin1.0

  • Network Device Repository/Database to keep Inventory & other info

    I need your help to find a solution/tool which can serve as network repository for our organization.  This tool can be database of all network device including servers to keep Visio diagrams, change logs, specify location, escalations, primary and secondary contacts etc. 
    I have heard of Orion but I think it can’t hold Visio diagrams with devices.  If you know any other tools that can do all that for me, it will be appreciated.

    I've always used sharepoint for managing diagrams as it has built in version control. It handles document management very well.
    If you were so inclined you could build your own database for device information in sharepoint also and link the devices to diagrams
    Of course there is no one tool to manage all of your requirements. That's why I'll plug my own tool for configuration backups of your network devices.
    See below or Cisco cafe forum on this site for more info.
    www.rconfig.com

  • Prime LMS 4.2 to save devices configurations "copy run start"

    we need to create a job on LMS to save the configurations on the network devices, like everyday LMS should run "copy run start" on all the devices.
    Any one can assist, thanks

    You can create a NetConfig job using LMS, which can do this for all LMS managed devices. You can simply select an Adhoc job, use the command copy run start, and schedule it as per your requirement.
    Check more details here on NetConfig.
    Also, You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration from :
    From here you can directly sync the devices which will do the same task of doing copy run start. Unfortunately, it cannot be scheduled and hence needs to be checked manually usually.
    Check details on Out-of-Sync here.
    -Thanks
    Vinod

  • 13017 Received TACACS+ packet from unknown Network Device or AAA Client

    I am adding new routers to our Corporate network for a new MPLS network. I am getting 13017 Received TACACS+ packet from unknown Network Device or AAA Client errors for these new routers. They are added to ACS 5.4.0.30 correctly just like all of our other devices. We have never had real routers on the network before, just switches and access points. Is there something special I need to set in ACS for these to work and authenticate correctly? I can only access them currently with the built-in local login.
    One of the new router configs
    Current configuration : 2370 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname T666
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$h7b3$.T2idTKb9H98BQ8Op0MAC/
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ local if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa session-id common
    clock timezone CST -6
    clock summer-time CDT recurring
    ip cef
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    voice-card 0
    crypto pki trustpoint TP-self-signed-2699490457
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-2699490457
     revocation-check none
     rsakeypair TP-self-signed-2699490457
    username netadmin privilege 15 secret 5 $1$SIR2$A3MpShVNeAOlTPyLZESr..
    interface FastEthernet0/0
     ip address 10.114.2.1 255.255.255.0
     ip helper-address 10.30.101.4
     duplex auto
     speed auto
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface Serial0/1/0
     ip address X.X.X.X 255.255.255.252
     no fair-queue
     service-module t1 timeslots 1-24
     service-module t1 remote-alarm-enable
     service-module t1 fdl ansi
     no cdp enable
    router bgp 65065
     no synchronization
     bgp log-neighbor-changes
     network 10.114.2.0 mask 255.255.255.0
     neighbor X.X.X.X remote-as 209
     neighbor X.X.X.X default-originate
     default-information originate
     no auto-summary
    ip forward-protocol nd
    ip bgp-community new-format
    ip http server
    ip http authentication aaa
    ip http secure-server
    ip tacacs source-interface FastEthernet0/0
    no logging trap
    tacacs-server host 10.30.101.221 key 7 1429005B5C502225
    tacacs-server host 10.30.101.222 key 7 1429005B5C502225
    tacacs-server directed-request
    control-plane
    banner exec ^CC
    C
    Login OK
    ^C
    banner motd ^CC
    C
    **  UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED.  USE OF
    **  THIS SYSTEM CONSTITUES CONSENT TO MONITORING AT ALL TIMES.
    **  RUAN Transport Corporation
    **  Network Services
    **  [email protected]
    **  515.245.2512
    ^C
    line con 0
    line aux 0
    line vty 0 4
     exec-timeout 30 0
     transport input all
    line vty 5 15
     exec-timeout 30 0
    scheduler allocate 20000 1000
    end
    T666#

    AAA Protocol > TACACS+ Authentication Details
    Date: September 19, 2014
    Generated on September 19, 2014 10:21:27 AM CDT
    Authentication Details
    Status: Failed
    Failure Reason: 13017 Received TACACS+ packet from unknown Network Device or AAA Client
    Logged At: Sep 19, 2014 10:21 AM
    ACS Time: Sep 19, 2014 10:21 AM
    ACS Instance: acs01
    Authentication Method:
    Authentication Type:
    Privilege Level:
    User
    Username:
    Remote Address:
    Network Device
    Network Device:
    Network Device IP Address: 10.114.2.1
    Network Device Groups:
    Access Policy
    Access Service:
    Identity Store:
    Selected Shell Profile:
    Active Directory Domain:
    Identity Group:
    Access Service Selection Matched Rule:
    Identity Policy Matched Rule:
    Selected Identity Stores:
    Query Identity Stores:
    Selected Query Identity Stores:
    Group Mapping Policy Matched Rule:
    Authorization Policy Matched Rule:
    Authorization Exception Policy Matched Rule:
    Other
    ACS Session ID:
    Service:
    AV Pairs:
    Response Time:
    Other Attributes:
    ACSVersion=acs-5.3.0.40-B.839 
    ConfigVersionId=359 
    Device Port=59840 
    Protocol=Tacacs
    Authentication Result
    Steps
    Received TACACS+ packet from unknown Network Device or AAA Client
    Additional Details
    DiagnosticsACS Configuration Changes
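
The failure report in the thread above names 10.114.2.1 as the address the rejected packet arrived from, and ACS logs 13017 when that source address matches no Network Device entry. The following is an added example, not part of the original thread or of any Cisco tool: it reads the address a router pins with `ip tacacs source-interface` and tests it against a device list. The config excerpt, the inventory and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt shaped like the router config in the post above.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.114.2.1 255.255.255.0
interface Serial0/1/0
 ip address X.X.X.X 255.255.255.252
ip tacacs source-interface FastEthernet0/0
tacacs-server host 10.30.101.221
"""

# Constructed stand-in for the AAA server's Network Device list (name -> IP or CIDR).
SAMPLE_INVENTORY = {
    "branch-switches": "10.114.1.0/24",
    "core-sw01": "10.30.1.10",
}


def parse_interfaces(config):
    """Map interface name -> primary IPv4 address; redacted addresses are skipped."""
    addrs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        m = re.match(r"ip address (\S+) \S+$", line)
        if m and current:
            try:
                addrs[current] = ipaddress.ip_address(m.group(1))
            except ValueError:
                pass  # e.g. the X.X.X.X placeholder
    return addrs


def tacacs_source(config):
    """Return (interface, address) pinned by 'ip tacacs source-interface', else (None, None)."""
    m = re.search(r"^\s*ip tacacs source-interface (\S+)\s*$", config, re.MULTILINE)
    if not m:
        # Without the command the router sources from the egress interface,
        # which cannot be read from the config text alone.
        return None, None
    name = m.group(1)
    return name, parse_interfaces(config).get(name)


def matching_devices(addr, inventory):
    """Names of inventory entries whose IP or range contains addr."""
    return [name for name, spec in inventory.items()
            if addr in ipaddress.ip_network(spec, strict=False)]


def check(config, inventory):
    """Summarise whether the router's TACACS+ source address is a known device."""
    iface, addr = tacacs_source(config)
    if addr is None:
        return {"interface": iface, "address": None, "devices": [], "known": False}
    devices = matching_devices(addr, inventory)
    return {"interface": iface, "address": str(addr),
            "devices": devices, "known": bool(devices)}


if __name__ == "__main__":
    print(check(SAMPLE_CONFIG, SAMPLE_INVENTORY))
```

A result with `known` set to False means the device list has no entry covering the address the router sources TACACS+ from, which is the condition the 13017 message reports.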
