01-06-2010 02:21 AM
My CW is unable to collect the config in RME
I'm using CDP, OSPF, and BGP for discovery..
I udnerstand that CW use snmp read community string to discover network devices. I can see CW pick up the devices in the device management list, but when I do a ssh credential check, the devices behind the firewall fails. The snmp R & W credentials are correct I can logon to the network device using the primary account without an problem. What could be the problem? What do I need check/perform in order to collect the aconfig for archive. Do I need to open a port on the firewall for CDP traffic? Other devices (not behind the firewall) works fine.
Your input is greatly appreciated.
01-06-2010 08:56 AM
CDP is not required for RME to fetch configs. What version of RME do you have? What error do you get when trying to fetch the config? What type of devices are failing? What version of code are they running?
01-06-2010 09:19 AM
Im running RME 4.3.1
Attached is the screenshot [2] of unsuccessful configs archive and inventory collection failures.
Here are e error messages:
SH: Failed to establish SSH connection to 10.x.x.x - Cause: Read timed out. TELNET: Failed to establish TELNET connection to 10.x.x.x - Cause: connect timed out.
Could not detect SSH protocols running on the device TELNET: Failed to establish TELNET connection to 10.x.x.x - Cause: connect timed out.
Could not detect SSH protocols running on the device TELNET: Failed to establish TELNET connection to 10.x.x.x - Cause: connect timed out. Failed to fetch config using TFTP Failed to fetch config using RCP.Verify RCP is enabled or not. Failed to fetch config using SCP.Socket closed Verify SCP is enabled or not.
I can logon (using putty) without a problem using the same account.
01-06-2010 09:26 AM
The error points to a firewall or access list blocking tcp/22 from the RME server. While you can login using PuTTY with the same credentials, can you login from the RME server?
01-06-2010 09:33 AM
All my CW applications (including RME) are locate on the same server, and yes I can telnet/ssh from the server.
I dont think the ACL block it as I can remote to it using putty
01-06-2010 09:36 AM
From the server, telnet to this device on tcp/22. That is:
telnet 10.x.x.x 22
What output do you get?
01-06-2010 09:42 AM
I get this output:
SSH-1.99-Cisco-1.25
01-06-2010 09:48 AM
You may need to increase one of the timeouts in the cmdsvc.properties file. I suggest you open a TAC service request so more analysis can be done.
01-06-2010 09:51 AM
Got it, so you think its got nothinhg to do with the firewall? I have problem with 200+ devices
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: