LMS devices config management

Unanswered Question
Oct 21st, 2008
User Badges:

Hi,


i implemented LMS 2.6. I need to configure devices configuration management:Scheduled backup, ...Please can you help about steps on LMS and CLI commands on Routers to accomplish this task?

Thanks in advance,

Edy

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Tue, 10/21/2008 - 12:34
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Scheduled Backup has nothing to do with device configuration management. A scheduled backup backs up the LMS data from all applications. Do you want to configure this, or do you want to setup RME to periodically archive the configurations from your devices?

edy-khalife Tue, 10/21/2008 - 12:40
User Badges:

please i want to setup RME to periodically archive the configurations from my devices.


Joe Clarke Tue, 10/21/2008 - 14:09
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Go to RME > Admin > Config Mgmt > Collection Settings, and enable both the polling and the collection jobs. Then, schedule each job type to run when you want. The recommendation is to run periodic polling jobs daily, and periodic collection jobs weekly.

edy-khalife Tue, 10/21/2008 - 14:31
User Badges:

and nothing should be enabled on the routers and switches ? (rcp, cdp,...?)

edy-khalife Wed, 10/22/2008 - 01:38
User Badges:

thanks i started see things. but can you help with the CLI command on ASA and Content Switch?



Joe Clarke Wed, 10/22/2008 - 09:03
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What configuration tasks do you need to perform on these device types?

edy-khalife Wed, 10/22/2008 - 09:18
User Badges:

Hi,

i need to access ASA and CSS11503 config from LMS. As well back it up.

Joe Clarke Wed, 10/22/2008 - 09:23
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I assume you already have telnet and/or SSH configured on these devices, then. To configure SNMP on the ASA, follow these steps:


http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logconf.html#wp1042030


To configure SNMP on the CSS, follow these steps:


http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/administration/guide/SNMP.html#wp1015685


Then, you just need to configure your devices' SNMP community strings and telnet/SSH credentials in Common Services > Device and Credentials > Device Management. SNMP and telnet/SSH are sufficient to manage these two device types.

edy-khalife Fri, 10/24/2008 - 05:01
User Badges:

Hi,

i enabled scp and ssh from LMS.i am still having the following errors while retreiving the config file. please advise.


1. Firewall2 PRIMARY RUNNING Oct 24 2008 04:20:49 CM0056 Config fetch failed for Firewall 2 Cause: CM0204 Could not create

DeviceContext for 17 Cause: CM0206 Could not get the config transport implementation for 10.160.149.4 Cause: UNKNOWN Action:

Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device

package is installed.


2. Firewall1 PRIMARY RUNNING Oct 24 2008 04:20:53 CM0056 Config fetch failed for Firewall1 Cause: CM0204 Could not create

DeviceContext for 7 Cause: CM0206 Could not get the config transport implementation for 10.160.149.2 Cause: UNKNOWN Action:

Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device

package is installed.


3. Intrusion Prevention PRIMARY RUNNING Oct 24 2008 04:20:49 CM0056 Config fetch failed for Intrusion Prevention Cause:

CM0204 Could not create DeviceContext for 15 Cause: CM0206 Could not get the config transport implementation for 10.180.1.254

Cause: UNKNOWN Action: Check if required device packages are available in RME. Action: Check if protocol is supported by

device and required device package is installed.


Joe Clarke Fri, 10/24/2008 - 11:14
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This indicates that you are missing a device package for your devices, or you have an installation problem. What are the sysObjectIDs from these three devices?

edy-khalife Fri, 10/24/2008 - 12:04
User Badges:

how i can check the sysObjectIDs? and how i can get a device package, and install it?

thanks

Joe Clarke Fri, 10/24/2008 - 12:06
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You can use the SNMP Walk tool in Device Center with the starting OID of "sysObjectID". Device package updates can be downloaded from Common Services > Software Center > Device Update.

edy-khalife Fri, 10/24/2008 - 12:24
User Badges:

one clarification: on the routers and switches in rcp command there is user and passwoerd option.

but in ASA i don't find this option in scp command? can you advise?

Joe Clarke Fri, 10/24/2008 - 17:59
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

RCP does not require a password, just a username. Instead of a password you configure trusted hosts. SCP works just like SSH. You must provide both a username and a password. SCP is configured just like SSH on IOS, except you also need to add:


ip scp server enable.

edy-khalife Sat, 10/25/2008 - 02:05
User Badges:

hi the commands on ASA that i configured are:

ssh scp ennable

ssh "IP of LMS" inside


is there any command needed in addition?


the above command is for routers and switches.

Joe Clarke Sat, 10/25/2008 - 14:46
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

SCP is not supported for the ASA devices in RME. You can only use SSH or telnet to fetch the config from those devices.

edy-khalife Sun, 10/26/2008 - 00:56
User Badges:

so ssh "IP" only needs to be used and ssh scp enable should be removed?

Joe Clarke Sun, 10/26/2008 - 11:39
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Yes. This plus SNMP will allow LMS to fully manage the ASA.

edy-khalife Sat, 10/25/2008 - 06:59
User Badges:

i did the SNMP walkout, i got the following:


The following is a SNMP walk of device 10.160.149.2 starting from sysObjectID


SNMP Walk Output

--------------------------------------------------------------------------------

sysObjectID


RFC1213-MIB::sysObjectID.0 = OID: CISCO-SMI::ciscoProducts.672


what infos this give?

Joe Clarke Sat, 10/25/2008 - 14:53
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This device should be supported. Go to Common Services > Software Center > Device Update, and click on the number next to Resource Manager Essentials. In the resulting pop-up, enter 1.3.6.1.4.1.9.1.672 in the text box. Search by SysObjectID. You should see a match. If not, you will have to update your RME packages.

Actions

This Discussion