Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
557
Views
0
Helpful
5
Replies

DMF w/ ACS Mode Enable - Can I add new nodes to DFM that are not in ACS

Go to solution
GERARD PUOPLO
Level 1
Level 1

‎10-07-2008 06:34 AM

We have DFM on seperate server as a slave DCR to our master DCR. we have many carrier CEs that are cisco routers that we have SNMP access to and wanted to monitor via DFM. We currently have LMS fully integrated in ACS mode. We don't want to add the carrier CEs to ACS but without doing so how can we still add them to DFM for monitoring ?

What if I just broke DMF import from master DCR. Can I then add to DMF any supported devices that I want whether or not its in the DCR ?

Thx

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to GERARD PUOPLO

‎10-07-2008 08:45 AM

Yes, you would need to add each user to LMS locally, and assign them the appropriate roles.

The rest of the steps sound right. Though you do not need to disable DFM auto-sync. You can still let DFM sync all devices with DCR. Any device added to this standalone DCR will then be auto-managed by DFM.

View solution in original post

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to GERARD PUOPLO

‎10-07-2008 09:24 AM

Because the master DCR will have one set of devices that will not be synced to the now-Standalone DCR on the DFM server. For example, if you add new device, deviceN to the master server, you would have to manually add this device to the DFM DCR as well. If you have an automated dcrcli script which runs on the master, and exports a file which can then be imported by the DFM DCR, then you don't have to do this.

This is entirely optional. You can certainly keep both DCRs in sync manually.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎10-07-2008 07:02 AM

When integrated with ACS, LMS will only manage devices which are also present in the same ACS server. Therefore, you either need to disable ACS integration, or add your CEs (note: the CEs do not have to actually authenticate to that ACS server).

If you do not integrate the slave with ACS, and set it as a standalone DCR, then you can add the CEs to that DCR, and manage them without making them ACS clients. You can then use dcrcli to script a manual DCR sync between master and slave for your other devices.

0 Helpful

Go to solution
GERARD PUOPLO
Level 1
Level 1
In response to Joe Clarke

‎10-07-2008 08:42 AM

Assuming we go with option 2, I would need to do the following ?

1st) Go to CS-Server-AAA Mode Setup

Change from ACS to NON-ACS but retain use user authentication via ACS.

2nd) Now without ACS mode, I would need to specify my DFM admins roles locally. Would I need to also define all userids locally now ?

3rd: DFM -> Device Import

DisableAuto Import Sync with master DCR

4th: CS->Device Credentials ->Mode Settings -> change Mode to Standalone

5th) Write dcrcli script to manually sync with master CDR for internal routers and switches

6th) Manually import Carrier CE devices

Is that about it ?

thx

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to GERARD PUOPLO

‎10-07-2008 08:45 AM

Yes, you would need to add each user to LMS locally, and assign them the appropriate roles.

The rest of the steps sound right. Though you do not need to disable DFM auto-sync. You can still let DFM sync all devices with DCR. Any device added to this standalone DCR will then be auto-managed by DFM.

0 Helpful

Go to solution
GERARD PUOPLO
Level 1
Level 1
In response to Joe Clarke

‎10-07-2008 09:20 AM

>> Though you do not need to disable DFM auto-sync. You can still let DFM sync all devices with DCR. Any device added to this standalone DCR will then be auto-managed by DFM.

Then why would I need the dcrcli script ?

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to GERARD PUOPLO

‎10-07-2008 09:24 AM

Because the master DCR will have one set of devices that will not be synced to the now-Standalone DCR on the DFM server. For example, if you add new device, deviceN to the master server, you would have to manually add this device to the DFM DCR as well. If you have an automated dcrcli script which runs on the master, and exports a file which can then be imported by the DFM DCR, then you don't have to do this.

This is entirely optional. You can certainly keep both DCRs in sync manually.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents