04-28-2008 04:13 AM
Within our implementation of LMS 3.0 we have specifically not provided SNMP write credentials for the purpose of security.
This is because we have integrated LMS with ACS and if LMS uses SNMP write to make changes it bypasses LMS authentication and auditing.
However when performing software distribution tasks, the jobs are failing with the following error:
SWIM5004: Cannot initiate SNMP-set operation.
Within RME > Admin > Software Management > Preferences I have set the following:
"Use SSH for software image upgrade and software image import through CLI (with fallback to TELNET"
Within the failed job logs I also get the following:
Protocol Order for Image Transfer: TFTP
Protocol Order for COnfig-operations: SSH,Telnet,TFTP
WHY therefore is a software distribution job trying to use SNMP sets?
04-28-2008 09:06 AM
For most devices, RME uses the CISCO-FLASH-MIB to copy the image to the device. This requires that RME be allowed to send SNMP SET requests to the device to trigger the copy.
When interactive access is required (e.g. for desktop switches), then the CLI is used.
04-28-2008 12:05 PM
Thanks, any way of over-riding this and forcing use of SSH/CLI?
Have just found similar issue with Campus Manager and VLAN creation operations.
Its annoying that RME lets you set the protocols used for NetConfig, ConfigEditor, NetShow etc, and then uses SNMP blindly for others.
The problem is that because we run a secure network which has to meet extremely strict auditting rules/regulations we must ensure all changes to devices go through CLI/ACS and therefore create TACACS+ accounting records.
04-28-2008 12:42 PM
Unfortunately this cannot be overridden. Some things will just use SNMP (CiscoView is another such thing).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: