LMS 2.6 Sync Archive issues - Catalyst 6509

Unanswered Question
Nov 5th, 2007

Hi there

I'm unable to do a config backup for two devices in our network that are both Catalyst 6509 switches. There are 6 other devices of the same model that work OK.

- LMS 2.6 using ACS integration (ACS 3.3)

I have;

- checked device packages and made sure they are up to date (MDF 1.21 and Cat6000IOS).

- checked and re-entered device credentials

- performed a "Check device Credential". This showed Telnet was OK, but Enable by Telnet not OK.

This is the message I get when trying to sync archive.

"CM0151 PRIMARY RUNNING Config fetch failed for MyDevice Cause: Unable to enter ENABLE mode from USER mode"

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Joe Clarke Mon, 11/05/2007 - 22:34

If you cannot get into enable mode, and you've rechecked the credentials, the problem is most likely command authorization. Before RME enables itself, it performs the following commands:

show privilege-level

terminal length 0

terminal width 0

All of those commands must succeed. The easiest way to determine the problem for sure, though, is to get a sniffer trace of all telnet traffic to the switch when a sync archive job is running. It should then become very clear what is going wrong.

muttman15 Mon, 11/05/2007 - 23:16

Thanks Joe. I will have to use a sniffer as those commands are coming through in the ACS logs for devices that are successful, but nothing is showing up for the unsuccessful devices in "Tacacs+ Administration active".

For others reading this post, I am troubleshooting in ACS by viewing Reports and Activities;

- Passed Authentications. This shows two lines, with privelege levels 1 and 15.

- TACACS+ Accounting active. This shows one line, with the "disc-cause" showing up as "lost-carrier"

- Tacacs+ Administration active. This shows successful commands during a Sync Archive of a device.

muttman15 Wed, 12/12/2007 - 22:35

Hi Joe

I ran a sniffer and found that the switch was gettting into enable mode, then dropping out for some reason.

I then loaded the device into our DEV instance of RME and was able to successfully manage this device. It took me a while to work out what was different, but the Dev device was picking up the device as a 6506 rather than a 6509.

Deleting and re-entering the device into our PROD RME server worked as the device was now detected as a 6506. I'm not sure what the difference is between these models that would stop a config retrieval, but this seemed to be enough.

What I thought was strange, however, was that RME did not flag that device as "Conflicting", even thought inventory collections on this device were successful.


Satya Siba Sund... Sun, 02/22/2009 - 10:03

HI Matthew/Joe,

I am facing the same error. can you please describe me the solution in details.


This Discussion