SNMP string change process

Unanswered Question
Dec 18th, 2007

The environment includes over 600 switches with a variety of CatOS and IOS versions. The management and monitoring tool for this site is the LMS 2.6 bundle (DFM 2.0.9, CM 4.0.9, RME 4.0.5). After a staffing change, I'm trying to change passwords and SNMP strings. My problem is that in creating a NetConfig job, it changes the SNMP string on the device, but I'm catching alerts that the strings don't match almost immediately. What is the best way to update SNMP strings or do I simply deal with the alerts until I can also update credentials?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Tue, 12/18/2007 - 09:55

The Netconfig job should handle updating DCR upon success. How are you creating the job? If you create a Community string job with the action of "Replace" the community strings will be overwritten in DCR. Else, DCR will not be updated.

peter.schaller Tue, 12/18/2007 - 10:54

This was creating the jobs with 'Replace' for both RO and RW strings in a single job. As you suggest, I was getting "Deploy command partially failed" but with devices having updated strings. I guess my question should be, why am I getting this same partial failure for all devices I'm trying?

Joe Clarke Tue, 12/18/2007 - 11:02

You will need to provide the Netconfig job log with ConfigJob debugging enabled under RME > Admin > System Preferences > Loglevel Settings.

peter.schaller Tue, 12/18/2007 - 11:50

Great idea, alas that information creates another question. Using the SNMP Community template, the CLI created is:

no snmp-server community %OLD_READONLY_PASSWORD%

snmp-server community NEWROSTRING ro

no snmp-server community %OLD_READWRITE_PASSWORD%

snmp-server community NEWRWSTRING ro

I've selected 'Replace' in the job and put in the new NEWROSTRING and NEWRWSTRING. Credentials are good before running the job. When executed, the failure reported is:

Cannot find community OLDROSTRING

Cannot find community OLDRWSTRING

Respeating the 'no snmp-server community STRING' command works without issue. In this case the switch is IOS 12.2. Any more ideas?

Joe Clarke Tue, 12/18/2007 - 14:32

I'd still need to see the log and possibly a sniffer trace to see exactly the CLI being put onto the device. If you can simply copy and paste the "no" command, and the switch takes it, you may have found a bug in RME.

steffen.plorin Thu, 01/24/2008 - 00:15

He Jclarke,

this question is still open, about the step-by-step procedure how to change snmp string and password via netconfig additional the credentials in LMS devices. Wehn I send such netconfig to devices, does this job update also the lms device credentials ? Or do I prepare a csv file for import with new strings ?

Danke Gruss Steffen

Joe Clarke Thu, 01/24/2008 - 07:11

If the job is fully successful, the credentials in DCR will be updated automatically.

steffen.plorin Thu, 01/24/2008 - 22:50

Guten Morgen Jclarke,

danke for answer !

What will be happens if the job failed based on couple devices, like 3 devices of 200 devices. Will the 197 device credentials updated and only three 3 devices what failed not ?

Gruss Steffen

Joe Clarke Thu, 01/24/2008 - 22:53

All devices that are successful will have their credentials updated.

steffen.plorin Thu, 01/24/2008 - 23:17

He Jclarke,

cool, please allow one more question ...then we can close successfully this one.

In LMS the devices are on multiple places like ALL; Device Type Groups and User Defined Groups. If I change the credentials for devices under User Defined Groups does it appear unique under ALL and Device Type Groups ? The main problem for me is when the discovery find a new device add it to dynamically User Defined Group based that the filter working correctly, I can only realize it to do the csv export and check with the list where are credentials missing and where not ! May you know another way how to find devices with no credentials! Sure with check credentials I will get a list of devices, but I still have some device where I check twice all the credentials inside of device and inside of LMS and they are still coming with wrong credentials on the list. Also I have one more problem, when I build reports for syslog as example and type in the device I got a message user have no access to it, when I add the device.domainname then is working ! Why doe LMS do not grep the domainname on all places ?

Ops some more question, this is how I am, sorry about me , but I appreciate all your help so much, so I take not only one finger I take the hand completelly if that is ok with you !

Gruss Steffen


This Discussion