11-05-2007 10:14 PM
Hi there
I'm unable to do a config backup for two devices in our network that are both Catalyst 6509 switches. There are 6 other devices of the same model that work OK.
- LMS 2.6 using ACS integration (ACS 3.3)
I have;
- checked device packages and made sure they are up to date (MDF 1.21 and Cat6000IOS).
- checked and re-entered device credentials
- performed a "Check device Credential". This showed Telnet was OK, but Enable by Telnet not OK.
This is the message I get when trying to sync archive.
"CM0151 PRIMARY RUNNING Config fetch failed for MyDevice Cause: Unable to enter ENABLE mode from USER mode"
Any ideas?
11-05-2007 10:34 PM
If you cannot get into enable mode, and you've rechecked the credentials, the problem is most likely command authorization. Before RME enables itself, it performs the following commands:
show privilege-level
terminal length 0
terminal width 0
All of those commands must succeed. The easiest way to determine the problem for sure, though, is to get a sniffer trace of all telnet traffic to the switch when a sync archive job is running. It should then become very clear what is going wrong.
11-05-2007 11:16 PM
Thanks Joe. I will have to use a sniffer as those commands are coming through in the ACS logs for devices that are successful, but nothing is showing up for the unsuccessful devices in "Tacacs+ Administration active".
For others reading this post, I am troubleshooting in ACS by viewing Reports and Activities;
- Passed Authentications. This shows two lines, with privelege levels 1 and 15.
- TACACS+ Accounting active. This shows one line, with the "disc-cause" showing up as "lost-carrier"
- Tacacs+ Administration active. This shows successful commands during a Sync Archive of a device.
12-12-2007 10:35 PM
Hi Joe
I ran a sniffer and found that the switch was gettting into enable mode, then dropping out for some reason.
I then loaded the device into our DEV instance of RME and was able to successfully manage this device. It took me a while to work out what was different, but the Dev device was picking up the device as a 6506 rather than a 6509.
Deleting and re-entering the device into our PROD RME server worked as the device was now detected as a 6506. I'm not sure what the difference is between these models that would stop a config retrieval, but this seemed to be enough.
What I thought was strange, however, was that RME did not flag that device as "Conflicting", even thought inventory collections on this device were successful.
Cheers
02-22-2009 10:03 AM
HI Matthew/Joe,
I am facing the same error. can you please describe me the solution in details.
02-22-2009 03:04 PM
Please start a new thread for your issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide