RME Software distribution requires SNMP write

Apr 28th, 2008

Within our implementation of LMS 3.0 we have specifically not provided SNMP write credentials for the purpose of security.

This is because we have integrated LMS with ACS and if LMS uses SNMP write to make changes it bypasses LMS authentication and auditing.

However when performing software distribution tasks, the jobs are failing with the following error:

SWIM5004: Cannot initiate SNMP-set operation.

Within RME > Admin > Software Management > Preferences I have set the following:

"Use SSH for software image upgrade and software image import through CLI (with fallback to TELNET)"

Within the failed job logs I also get the following:

Protocol Order for Image Transfer: TFTP

Protocol Order for COnfig-operations: SSH,Telnet,TFTP

WHY therefore is a software distribution job trying to use SNMP sets?

Joe Clarke Mon, 04/28/2008 - 09:06

For most devices, RME uses the CISCO-FLASH-MIB to copy the image to the device. This requires that RME be allowed to send SNMP SET requests to the device to trigger the copy.

When interactive access is required (e.g. for desktop switches), then the CLI is used.

Mike Bailey Mon, 04/28/2008 - 12:05

Thanks, any way of over-riding this and forcing use of SSH/CLI?

Have just found similar issue with Campus Manager and VLAN creation operations.

It's annoying that RME lets you set the protocols used for NetConfig, ConfigEditor, NetShow etc, and then uses SNMP blindly for others.

The problem is that because we run a secure network which has to meet extremely strict auditing rules/regulations we must ensure all changes to devices go through CLI/ACS and therefore create TACACS+ accounting records.

Joe Clarke Mon, 04/28/2008 - 12:42

Unfortunately this cannot be overridden. Some things will just use SNMP (CiscoView is another such thing).
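
The following is an added example, not part of the thread and not Cisco's code: since the answers above mean software distribution needs SNMP SET enabled on the devices, this sketch audits an IOS configuration for every line that grants SNMP write access and reports whether the grant is bounded by a view and an ACL. The sample configuration is constructed, and its community strings, view and group names and ACL numbers are placeholders.

```python
import re

# Constructed sample IOS config (not from the thread). Community strings,
# view/group names and ACL numbers are placeholders; 1.3.6.1.4.1.9.9.10 is
# the CISCO-FLASH-MIB subtree.
SAMPLE_CONFIG = """\
snmp-server view SWIM-WRITE 1.3.6.1.4.1.9.9.10 included
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-RW view SWIM-WRITE RW 20
snmp-server community EXAMPLE-OPEN RW
snmp-server group LMS-GRP v3 priv read ALL-VIEW write SWIM-WRITE access 20
snmp-server group MON-GRP v3 priv read ALL-VIEW
"""

COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view (\S+))? (RO|RW)(?: (\S+))?$", re.I)
GROUP = re.compile(
    r"^snmp-server group (\S+) (?:v1|v2c|v3(?: (?:auth|noauth|priv))?)(.*)$", re.I)


def scope(view, acl):
    """Describe how tightly a write grant is bounded."""
    if view and acl:
        return "scoped"
    return "partially scoped" if (view or acl) else "unrestricted"


def snmp_write_findings(config):
    """Return one finding per line that grants SNMP write (SET) access."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        m = COMMUNITY.match(line)
        if m:
            if m.group(3).upper() == "RW":
                # Community strings are secrets: report the line, not the string.
                findings.append((lineno, "community", m.group(2), m.group(4),
                                 scope(m.group(2), m.group(4))))
            continue
        m = GROUP.match(line)
        if m:
            opts = m.group(2).split()
            pairs = dict(zip(opts[::2], opts[1::2]))  # keyword/value options
            if "write" in pairs:
                findings.append((lineno, "group", pairs["write"],
                                 pairs.get("access"),
                                 scope(pairs["write"], pairs.get("access"))))
    return findings


if __name__ == "__main__":
    for f in snmp_write_findings(SAMPLE_CONFIG):
        print("line %d: %s write view=%s acl=%s -> %s" % f)
```

Each finding is a tuple of line number, grant type, write view, ACL and scope; an "unrestricted" result marks a write grant with neither a view nor an ACL limiting it.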
