Ciscoworks Netconfig/Netshow Response

Answered Question

Is there a way to run commands form a netshow or netconfig job and have the entire session response captured?  For example, I would like to know that all of the telnet and enable passwords for a group of devices are correct.  Can I create a job that will simply login to a device and I can see the output of those commands as if I were at the console... not just told that a job is successful or failed?  There are other instances where I can think this would be helpful but I haven't figured out how to do it yet.

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 6 years 11 months ago

In order for RME to use secondary credentials, make sure you have the "Fallback to Secondary Credentials" checked under RME > Admin > System Preferences > RME Secondary Credentials.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Joe Clarke Mon, 01/11/2010 - 11:52

The actual login process is not captured.  So seeing RME login to a device is not possible.  However, for RME to run a Netshow job successfully, the login and enable credentials must be correct in DCR.  As for viewing show command output, that is certainly possible in Netshow.  After the job completes, you can view the per-device details to see the full output of the commands executed.

But if you just want to validate the login and enable credentials, run a Device Credential Verification job under RME > Devices > Device Management > Device Credential Verification Jobs.  You won't see actual login output, but you will be able to positively determine if the DCR credentials are correct.

Thanks Joe.  If I run a Device Credential Verification and select "Telnet Enable Mode User Name and Password" will it check the fallback telnet and enable passwords I have configured or does it use Tacacs credentials to enter telnet and enable mode?  That's why I'd like to see the output just to be sure of the credentials being used.  We rarely use these fallback credentials so I want to be sure the changes are made correctly.  I just want some sort of feedback after an enable password change that it was completed correctly.

If I run a test with access to tacacs enabled it reports "Successful" and "Ok(Primary Successful)" under "Enable by Telnet".  However, if I disable tacacs server access (by temporarily shutting the port) it reports "Successful" but "Did Not Try" under "Enable by Telnet".  I'm confused by these messages.

Correct Answer
Joe Clarke Mon, 01/11/2010 - 12:28

In order for RME to use secondary credentials, make sure you have the "Fallback to Secondary Credentials" checked under RME > Admin > System Preferences > RME Secondary Credentials.

You have me on the right track now.  I've enabled fallback to secondary credentials within RME and configured the secondary credentials in Common Services.  Now I get "Enable username credential missing" when there is no fallback "username" to configure.  Ideas?  Also, why would it tell me the job is successful prior to me telling Ciscoworks to use secondary credentials when ACS was disabled.  That is bothering me.  I would expect a failure.

Joe Clarke Mon, 01/11/2010 - 12:54

What do you mean there is no "username?"  There is a Username field available when configuring secondary credentials in DCR.  If you get a Username: prompt when connect to the device when the AAA server is disabled, then you need to fill in that credential in DCR.  If any of the tested credentials fail, the job itself will fail.  I've confirmed that is working properly in RME 4.3.1.

Actions

This Discussion