Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
824
Views
0
Helpful
3
Replies

RME Software distribution requires SNMP write

Mike Bailey
Level 1
Level 1

‎04-28-2008 04:13 AM

Within our implementation of LMS 3.0 we have specifically not provided SNMP write credentials for the purpose of security.

This is because we have integrated LMS with ACS and if LMS uses SNMP write to make changes it bypasses LMS authentication and auditing.

However when performing software distribution tasks, the jobs are failing with the following error:

SWIM5004: Cannot initiate SNMP-set operation.

Within RME > Admin > Software Management > Preferences I have set the following:

"Use SSH for software image upgrade and software image import through CLI (with fallback to TELNET"

Within the failed job logs I also get the following:

Protocol Order for Image Transfer: TFTP

Protocol Order for COnfig-operations: SSH,Telnet,TFTP

WHY therefore is a software distribution job trying to use SNMP sets?

Labels:
0 Helpful
3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

‎04-28-2008 09:06 AM

For most devices, RME uses the CISCO-FLASH-MIB to copy the image to the device. This requires that RME be allowed to send SNMP SET requests to the device to trigger the copy.

When interactive access is required (e.g. for desktop switches), then the CLI is used.

0 Helpful

Mike Bailey
Level 1
Level 1
In response to Joe Clarke

‎04-28-2008 12:05 PM

Thanks, any way of over-riding this and forcing use of SSH/CLI?

Have just found similar issue with Campus Manager and VLAN creation operations.

Its annoying that RME lets you set the protocols used for NetConfig, ConfigEditor, NetShow etc, and then uses SNMP blindly for others.

The problem is that because we run a secure network which has to meet extremely strict auditting rules/regulations we must ensure all changes to devices go through CLI/ACS and therefore create TACACS+ accounting records.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to Mike Bailey

‎04-28-2008 12:42 PM

Unfortunately this cannot be overridden. Some things will just use SNMP (CiscoView is another such thing).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents