03-20-2009 08:32 AM
After initial installation of CW and device creation/import we opted to change the SNMP RO and RW community strings on all of our devices. We also added an ACL on each device to limit SNMP traffic to two syslog servers. After running the job to change the strings, the Default Credentials in CW were changed to match the new community strings. Since that time I have run multiple CDA jobs to ensure that communication with the devices is working properly. CDA jobs report that 80% of my devices have "Wrong Credentials" for SMMP Read and Write.
Is it possible that after changing the community strings and the CW default credentials, the new community strings did not take? Is there any way to verify that the default credentials are what they should be?
03-20-2009 10:28 AM
I have a mix of devices in DCR, some added with manually entered credentials, some with "use Default Credentials" checked. A device list export from DCR shows all of them populated with the same SNMP community strings. Changing the SNMP community string in Default Credentials triggers no corresponding change in the DCR export. Based on that, it would appear Default Credentials are only applied to newly added devices to DCR.
03-20-2009 10:30 AM
Any reason that the DCR would NOT get updated when I run a netconfig job to change all omy community strings?
03-20-2009 10:42 AM
Yeah, one'd expect it should, shouldn't it?
I can't make sense of why you're seeing only 80% failures in CDA. How's the distribution of old vs new SNMP strings, in your DCR export? (DCR - Device Management - Export)
Do you have the previous SNMP strings in the Secondary Credentials? I wonder how that might impact CDA results.
03-20-2009 10:52 AM
Never mind the Secondary Credentials. It doesn't apply to SNMP strings.
03-20-2009 12:04 PM
it is as yjdabear said: default credentials are only applied to devices newly added to DCR; devices in DCR which were yet contacted successfully have their credentials stored in the database until you change them through Common Services > Device and Credentials > Device Management;
Could it be that 20% of the devices were added/discoverd after you made the changes?
In Device And Credentials > Report you can launch a report that tells you when a device was added/updated/deleted to DCR
03-20-2009 12:07 PM
No devices have been added. The device that were in the DCR and being managed by CW had their Community Strings changed. The DCR was NOT updated as a result. Shouldn't it have updated itself?
03-20-2009 01:24 PM
I am not sure if I understand it correct...
If you think a RME job (net config) that changed community strings on devices should also trigger and update of DCR to reflect these changes, then no this is not the fact. And I do not know of any process that automatically _updates_ credentials in DCR. Credentials are only changed through the GUI:
Common Services > Device And Credentials > Device Management =>edit credentials
or CLI with 'dcrcli'
or by an import of devices into DCR;
How do you setup the CDA job?
03-24-2009 09:18 AM
Job Id: ####
Owner: rnieuwhof
Description: 3-24-2009-1040AM
Schedule Type: Immediate
Creation Time: Mar 24 2009 10:40:14 EDT
Start Time: Mar 24 2009 10:40:14 EDT
Credentials Selected: Read Community, Read Write Community, SSH.
Devices Selected: {All Devices}
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: