LMS 3.1 Vlan Download Problem

Answered Question
Feb 9th, 2009
User Badges:

We are running LMS3.1 and many switches are reporting as "partially successful" due to the VLAN download failing with this error:

"Command failedTELNET: Failed to establish TELNET connection to X.X.X.X - Cause: Authentication failed on device 3 times" (where x.x.x.x is our real ip)


Credentials have been checked (running and startup configs are being downloaded successfully)


Another user is having a similar problem, and jclarke reported they are hitting bug CSCsq66458, but that seems to only apply to devices without a vlan.dat in the flash, while many of ours do have a vlan.dat, yet still fail.


Any ideas?

Correct Answer by Joe Clarke about 8 years 3 months ago

That's the problem. If you disable this, vlan.dat fetch will work.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Joe Clarke Mon, 02/09/2009 - 12:19
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I've been helping another user with a similar problem. While your issue may be different, you should try some of the things I've outlined in this post:


http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&topicID=.ee71a02&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2eb54

zztopping Mon, 02/09/2009 - 12:39
User Badges:

I am currently set to SSH first then TELNET as a fallback. TFTP is not allowed at all for config fetching.


If I just sync the archive for one device i get the following error output:


*** Device Details for XXXXXX ***

Protocol ==> SSH

Selected Protocols with order ==> SSH,Telnet

Execution Result:

RUNNING

Primary Login Succeeded

/ Primary Enable Succeeded

CM0061 PRIMARY RUNNING Config fetch SUCCESS for XXXXXX, no change in configuration.

VLAN

CM0151 VLAN RUNNING Config fetch failed for XXXXXXX Cause: Command failedCommand failed Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.

****************


I guess the logical next step would be to sniff the traffic, but that is fairly difficult for me...anything else I should try before that?

Joe Clarke Mon, 02/09/2009 - 12:46
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You can enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, and re-run the job. The dcmaservice.log will have the transaction.

zztopping Mon, 02/09/2009 - 13:43
User Badges:

Ah. I see the problem:


[ Mon Feb 09 16:18:42 EST 2009 ],DEBUG,[Thread-502],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from interact('copy flash:vlan.dat tftp:'):

{

Address or name of remote host []? XXX.XXX.XXX.XXX

TFTP: error code 2 received - 16739


%Error opening tftp://XXX.XXX.XXX.XXX/vlan.dat (Permission denied)

XXXXXXXXXX#}


The IP in X's is the IP of Ciscoworks server. Any idea why its saying permission denied?

Joe Clarke Mon, 02/09/2009 - 13:54
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Do you have "file prompt quiet" configured?

Correct Answer
Joe Clarke Mon, 02/09/2009 - 13:59
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

That's the problem. If you disable this, vlan.dat fetch will work.

zztopping Mon, 02/09/2009 - 14:09
User Badges:

Thanks, that appears to be the exception to the rule for our config standards.



Actions

This Discussion