LMS 3.1 Vlan Download Problem

Answered Question
Feb 9th, 2009

We are running LMS3.1 and many switches are reporting as "partially successful" due to the VLAN download failing with this error:

"Command failedTELNET: Failed to establish TELNET connection to X.X.X.X - Cause: Authentication failed on device 3 times" (where x.x.x.x is our real ip)

Credentials have been checked (running and startup configs are being downloaded successfully)

Another user is having a similar problem, and jclarke reported they are hitting bug CSCsq66458, but that seems to only apply to devices without a vlan.dat in the flash, while many of ours do have a vlan.dat, yet still fail.

Any ideas?

Correct Answer by Joe Clarke about 8 years 2 weeks ago

That's the problem. If you disable this, vlan.dat fetch will work.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
zztopping Mon, 02/09/2009 - 12:39

I am currently set to SSH first then TELNET as a fallback. TFTP is not allowed at all for config fetching.

If I just sync the archive for one device i get the following error output:

*** Device Details for XXXXXX ***

Protocol ==> SSH

Selected Protocols with order ==> SSH,Telnet

Execution Result:


Primary Login Succeeded

/ Primary Enable Succeeded

CM0061 PRIMARY RUNNING Config fetch SUCCESS for XXXXXX, no change in configuration.


CM0151 VLAN RUNNING Config fetch failed for XXXXXXX Cause: Command failedCommand failed Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.


I guess the logical next step would be to sniff the traffic, but that is fairly difficult for me...anything else I should try before that?

Joe Clarke Mon, 02/09/2009 - 12:46

You can enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, and re-run the job. The dcmaservice.log will have the transaction.

zztopping Mon, 02/09/2009 - 13:43

Ah. I see the problem:

[ Mon Feb 09 16:18:42 EST 2009 ],DEBUG,[Thread-502],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from interact('copy flash:vlan.dat tftp:'):


Address or name of remote host []? XXX.XXX.XXX.XXX

TFTP: error code 2 received - 16739

%Error opening tftp://XXX.XXX.XXX.XXX/vlan.dat (Permission denied)


The IP in X's is the IP of Ciscoworks server. Any idea why its saying permission denied?

Correct Answer
Joe Clarke Mon, 02/09/2009 - 13:59

That's the problem. If you disable this, vlan.dat fetch will work.

zztopping Mon, 02/09/2009 - 14:09

Thanks, that appears to be the exception to the rule for our config standards.


This Discussion