Not In ACS list access from 'dcrcli' ...possible? (LMS 2.6)

Unanswered Question
Jan 14th, 2009
User Badges:


I can view a list of devices that are on the 'not in acs' list so those devices are available in some way. (Solaris servers)

The drawback to ACS mode, which we use, is that they cannot be deleted or have their IPs changed, etc.

But, in Campus Mgr, that list could be helpful to identify devices that we didn't get into ACS and the DCR.

Our situation is unique. We have CM and RME on two separate servers to manage server resources better. We don't use the CM server to populate the RME server.

So, not to dwell too much on our specifics, that's the way we have to do it.

So, bottom line, if I could use dcrcli or command line scripting to get that list outside the GUI, we could really have something. That list could be SCP'd to another server and parsed out for devices that answer to pings, have hostnames that are identified, using our naming standard, as Cisco devices, and generate a list of "stuff that slipped through the crack."

The Not in ACS list under common services can't be scheduled and therefore exported to a file on the server so I'm looking for a work-around.

Any suggestions?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Wed, 01/14/2009 - 11:27
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This is currently not possible. There is an expAcs command for dcrcli which will allow you to export devices from DCR to the ACS server (if those devices are not already in ACS).

philip.r.hayes Wed, 01/14/2009 - 11:48
User Badges:

I can see where that answers the question as to whether it can be done from the cli using RME commands.

But, aren't NI-acs devices still on record somewhere in a directory, file, etc? I seemed to recall that NI-acs devices are simply those that do not have a DeviceID but somewhere on the server, there is a file or directory with their name. If that's true, we can use unix commands to find them and build a list from outside CW.

That would still help us accomplish our goal.

Thanks for the speedy response.

Joe Clarke Wed, 01/14/2009 - 11:58
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, this is not the case. The devices are stored in the cmf database, and LMS talks to the ACS server to find those devices which are not authorized.

philip.r.hayes Wed, 01/14/2009 - 13:11
User Badges:

To be sure I have this, you are saying that nowhere, in any files or directories, is there a way to use a cli command in unix, such as ls, locate, find, etc, that will produce the names of devices on the list?

Is there a way to poll the cmf database from outside the GUI?

What is the Solaris path to that cmf db? (I'm not a great unix guy, ...yet)

Joe Clarke Wed, 01/14/2009 - 13:39
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, there is no way to get to the data you want from the command line. Direct access to the database is not supported. The only way to access this data is through the web. Once the report is run, it can be exported to a CSV file.


This Discussion