
ciscoworks unable to collect config in RME due to firewall?

baotran09
Level 1

My CW is unable to collect the config in RME

I'm using CDP, OSPF, and BGP for discovery.

I understand that CW uses the SNMP read community string to discover network devices. I can see CW pick up the devices in the device management list, but when I do an SSH credential check, the devices behind the firewall fail. The SNMP R & W credentials are correct. I can log on to the network device using the primary account without a problem. What could be the problem? What do I need to check/perform in order to collect the config for archive? Do I need to open a port on the firewall for CDP traffic? Other devices (not behind the firewall) work fine.

Your input is greatly appreciated.

8 Replies

Joe Clarke
Cisco Employee

CDP is not required for RME to fetch configs.  What version of RME do you have?  What error do you get when trying to fetch the config?  What type of devices are failing?  What version of code are they running?

I'm running RME 4.3.1.

Attached is the screenshot [2] of unsuccessful configs archive and inventory collection failures.

Here are the error messages:

SH: Failed to establish SSH connection to 10.x.x.x - Cause: Read timed out. TELNET: Failed to establish TELNET connection to 10.x.x.x - Cause: connect timed out.
Could not detect SSH protocols running on the device TELNET: Failed to establish TELNET connection to 10.x.x.x - Cause: connect timed out.
Could not detect SSH protocols running on the device TELNET: Failed to establish TELNET connection to 10.x.x.x - Cause: connect timed out. Failed to fetch config using TFTP Failed to fetch config using RCP.Verify RCP is enabled or not. Failed to fetch config using SCP.Socket closed Verify SCP is enabled or not.

I can logon (using putty) without a problem using the same account.

The error points to a firewall or access list blocking tcp/22 from the RME server.  While you can login using PuTTY with the same credentials, can you login from the RME server?

All my CW applications (including RME) are located on the same server, and yes, I can telnet/ssh from the server.

I don't think the ACL blocks it, as I can remote to it using PuTTY.

From the server, telnet to this device on tcp/22.  That is:

telnet 10.x.x.x 22

What output do you get?

I get this output:

SSH-1.99-Cisco-1.25

You may need to increase one of the timeouts in the cmdsvc.properties file.  I suggest you open a TAC service request so more analysis can be done.

Got it, so you think it's got nothing to do with the firewall? I have a problem with 200+ devices.
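The manual check from this thread (connect to tcp/22 from the RME server and read the banner), as an added Python example that is not part of the original posts or of CiscoWorks. It separates the "connect timed out" case from the "Read timed out" case seen in the errors above and records how long the banner took; the function names and the 5-second timeouts are assumptions chosen for illustration.

```python
import socket
import sys
import time

def parse_ssh_banner(line):
    """Split an SSH identification string: SSH-<proto>-<software> [comments]."""
    parts = line.split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH":
        return None
    # proto "1.99" means the server offers both SSH v1 and v2 (RFC 4253).
    return {"proto": parts[1], "software": parts[2].split(" ", 1)[0]}

def probe(host, port=22, connect_timeout=5.0, read_timeout=5.0):
    """Return (status, banner, seconds) for one TCP probe.

    connect_timeout: no answer to the SYN (filtered by firewall/ACL, or no route)
    refused:         host reachable, port closed or actively rejected
    read_timeout:    TCP session established, but no banner within read_timeout
    banner:          banner received; seconds is the time from SYN to banner
    """
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except socket.timeout:
        return ("connect_timeout", None, time.monotonic() - start)
    except ConnectionRefusedError:
        return ("refused", None, time.monotonic() - start)
    except OSError:
        return ("unreachable", None, time.monotonic() - start)
    with sock:
        sock.settimeout(read_timeout)
        try:
            data = sock.recv(255)  # one read normally holds the whole banner line
        except socket.timeout:
            return ("read_timeout", None, time.monotonic() - start)
        except OSError:
            return ("reset", None, time.monotonic() - start)
    elapsed = time.monotonic() - start
    if not data:
        return ("closed", None, elapsed)
    return ("banner", data.decode("ascii", "replace").strip(), elapsed)

if __name__ == "__main__":
    # Usage: python probe.py <device-ip> [<device-ip> ...]  (run on the RME server)
    for host in sys.argv[1:]:
        status, banner, secs = probe(host)
        info = parse_ssh_banner(banner) if banner else None
        print(f"{host}\t{status}\t{secs:.2f}s\t{banner or '-'}\t{info or ''}")
```

Run across the failing device list, rows with `connect_timeout` indicate filtering in the path, while `banner` rows with a large seconds value indicate a slow device response rather than a block.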
