CiscoWorks RME 4.2 Compliance Check Fails on SNMP Strings

slcornish · ‎08-07-2009

All,

RME 4.2 Compliance Check does not work when you try checking SNMP strings, passwords, or TACACS key because they're encrypted in the config archive. Is there a way to configure RME to have Compliance Check look at the actual value?

Stephanie

Joe Clarke · ‎08-07-2009

This is not true. SNMP communities are kept unencrypted in the archive, and you can run compliance checks on them. As for TACACS keys and passwords, they are encrypted, but you could run checks on the encrypted strings. If the cipher text is the same on the device as in your template, then the device is compliant.

slcornish · ‎08-07-2009

All of my Compliance Checks are failing.

Attached is an example of one of my Baseline Templates and status from Baseline Jobs

Joe Clarke · ‎08-07-2009

This template is invalid because you're mixing IOS and CatOS commands. Create one template with the following:

+ snmp-server community COMMUNITY RO

+ snmp-server community COMMUNITY RW

Use that template to test your IOS devices. Then, create another template with:

+ set snmp community read-only COMMUNITY

+ set snmp community read-write COMMUNITY

Use that to test your CatOS devices.