Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
464
Views
0
Helpful
5
Replies

Not In ACS list access from 'dcrcli' ...possible? (LMS 2.6)

philip.r.hayes
Level 1
Level 1

‎01-14-2009 11:17 AM

Hello,

I can view a list of devices that are on the 'not in acs' list so those devices are available in some way. (Solaris servers)

The drawback to ACS mode, which we use, is that they cannot be deleted or have their IPs changed, etc.

But, in Campus Mgr, that list could be helpful to identify devices that we didn't get into ACS and the DCR.

Our situation is unique. We have CM and RME on two separate servers to manage server resources better. We don't use the CM server to populate the RME server.

So, not to dwell too much on our specifics, that's the way we have to do it.

So, bottom line, if I could use dcrcli or command line scripting to get that list outside the GUI, we could really have something. That list could be SCP'd to another server and parsed out for devices that answer to pings, have hostnames that are identified, using our naming standard, as Cisco devices, and generate a list of "stuff that slipped through the crack."

The Not in ACS list under common services can't be scheduled and therefore exported to a file on the server so I'm looking for a work-around.

Any suggestions?

Thanks!

Labels:
0 Helpful
5 Replies 5

Joe Clarke
Cisco Employee
Cisco Employee

‎01-14-2009 11:27 AM

This is currently not possible. There is an expAcs command for dcrcli which will allow you to export devices from DCR to the ACS server (if those devices are not already in ACS).

0 Helpful

philip.r.hayes
Level 1
Level 1
In response to Joe Clarke

‎01-14-2009 11:48 AM

I can see where that answers the question as to whether it can be done from the cli using RME commands.

But, aren't NI-acs devices still on record somewhere in a directory, file, etc? I seemed to recall that NI-acs devices are simply those that do not have a DeviceID but somewhere on the server, there is a file or directory with their name. If that's true, we can use unix commands to find them and build a list from outside CW.

That would still help us accomplish our goal.

Thanks for the speedy response.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to philip.r.hayes

‎01-14-2009 11:58 AM

No, this is not the case. The devices are stored in the cmf database, and LMS talks to the ACS server to find those devices which are not authorized.

0 Helpful

philip.r.hayes
Level 1
Level 1
In response to Joe Clarke

‎01-14-2009 01:11 PM

To be sure I have this, you are saying that nowhere, in any files or directories, is there a way to use a cli command in unix, such as ls, locate, find, etc, that will produce the names of devices on the list?

Is there a way to poll the cmf database from outside the GUI?

What is the Solaris path to that cmf db? (I'm not a great unix guy, ...yet)

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to philip.r.hayes

‎01-14-2009 01:39 PM

No, there is no way to get to the data you want from the command line. Direct access to the database is not supported. The only way to access this data is through the web. Once the report is run, it can be exported to a CSV file.

0 Helpful
Customers Also Viewed These Support Documents