SNMP Only Access from Cisco Works

Feb 22nd, 2010

Due to New Corporate Security Policies, only 2 servers can access the routers and switches via SSH2 and Telnet.

The Server that Cisco Works is running on, now can only access the routers and switches via SNMP v2 only.

Network Devices are syslog'ing to Cisco Works, but not SNMP Trap'ing to Cisco Works.

No TFTP from/to Cisco Works


I am trying to come up with a list of items that are useless now in Cisco Works:


No SSH/Telnet access to Routers/Switches

  1)  no Configuration Version'ing - Running config to Startup config or to various versions.

  2)  no Copying of the VLAN.dat file for backup, uses TFTP

  3)  no Copying of the IOS from flash for backup, uses TFTP


No SNMP Traps to Cisco Works

  1)  disables notifications to Cisco Works when a configuration change has been made, causing the new config to be archived promptly instead of waiting on the collection job to run.

  2)  Renders the User Tracking Tool basically useless, could track dot1X switch ports status and other info.



SNMP only access from Routers/Switches

  1)  can modify Router/Switch Configs from Cisco Works

  2)  Archive of Router/Switch Configs to Cisco Works.


This is what I came up with so far, if anyone can add to the list, I would appreciate it.


Charlie

yjdabear Mon, 02/22/2010 - 18:27

>> No SNMP Traps to Cisco Works

>>  1)  disables notifications to Cisco Works when a configuration change has been made, causing the new config to be archived promptly instead of waiting on the collection job to run.


I believe RME picks up on the config changes through syslogs rather than SNMP traps.


>>   2)  Renders the User Tracking Tool basically useless, could track dot1X switch ports status and other info.


That, but more specifically impairing the Dynamic UT feature (the traditional UT acquisitions should be fine), and DFM loses out one of its info sources as well.



>> SNMP only access from Routers/Switches

>>   1)  can modify Router/Switch Configs from Cisco Works

>>  2)   Archive of Router/Switch Configs to Cisco Works.


Perhaps you meant the opposite? Because both of these are accomplished by RME via SSH/telnet/rcp/blah...


Having only SNMP read/write access leaves you with IPM, CiscoView, and a tiny piece of Campus Manager functionalities. That's all I can think of.

charlie-hall Thu, 02/25/2010 - 07:38

Thank you for correcting this:

>> SNMP only access from Routers/Switches

>>   1)  can modify Router/Switch Configs from Cisco Works

>>  2)   Archive of Router/Switch Configs to Cisco Works.


If I had SNMP & TFTP from the routers & switches to Cisco Works, the Archive Config process will detect a config change via SNMP and if a config has changed then SNMP will TFTP the startup config to the shadow directory?


CSCOpx\files\rme\dcma\shadow\Switches_and_Hubs\PRIMARY


Thanks



This has been updated.

Telnet. The Server that Cisco Works is running on, now can only access the routers and switches via SNMP v2 only. Network Devices are syslogging to Cisco Works, but not SNMP Trapping to Cisco Works.

No TFTP from/to Cisco Works

I am trying to come up with a list of items that are useless now in Cisco Works:

No SSH/Telnet access to Routers/Switches

  1)  no Configuration Versioning - Running config to Startup config or to various versions.

  2)  no Copying of the VLAN.dat file for backup, uses TFTP

  3)  no Copying of the IOS from flash for backup, uses TFTP

No SNMP Traps to Cisco Works

  1)  disables notifications to Cisco Works when a configuration change has been made, causing the new config to be archived promptly instead of waiting on the collection job to run.

  2)  Renders the User Tracking Tool basically useless, could track dot1X switch ports status and other info.

SNMP only access from Routers/Switches

  1)  cannot modify Router/Switch Configs from Cisco Works

  2)  cannot Archive of Router/Switch Configs to Cisco Works.

  3)  Only IPM, Cisco View, and a tiny piece of Campus Manager functionalities will function.

yjdabear Fri, 02/26/2010 - 08:38
User Badges:
  • Gold, 750 points or more

I still don't think RME processes SNMP traps. AFAIK, syslog is the only source that triggers ad-hoc Archive Config (see RME - Tools - Syslog - Automated Actions - Config Fetch). If LMS is going to lose SSH/telnet access, RME could still fetch the startup/running configs and vlan.dat via TFTP. OTOH, ASA/PIX/FWSM firewalls are SOL because they're archived through SSH/telnet (see the latest discussion here: https://supportforums.cisco.com/thread/2005580?tstart=0)
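Added example (not CiscoWorks code and not written by anyone in this thread): a sketch of the syslog-triggered config fetch discussed above, which also flags configuration changes made from hosts other than the approved management servers. It assumes the IOS `%SYS-5-CONFIG_I` message as the trigger (the thread does not say which messages RME acts on), a collector that prefixes each line with timestamp and hostname, and a hypothetical 5-minute hold-down; all hostnames and addresses are constructed.

```python
import re
from datetime import datetime, timedelta

# IOS logs %SYS-5-CONFIG_I when someone leaves configuration mode.
CONFIG_I = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<device>\S+) .*"
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+)"
    r"(?: by (?P<user>\S+))?(?: on (?P<line>\S+))?(?: \((?P<peer>[\d.]+)\))?"
)

# Constructed sample; the "timestamp hostname" prefix is an assumed collector layout.
SAMPLE = """\
2010-02-26T08:00:01 sw-access-01 45: %LINK-3-UPDOWN: Interface Gi0/1, changed state to up
2010-02-26T08:01:10 rtr-core-01 46: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
2010-02-26T08:01:40 rtr-core-01 47: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
2010-02-26T08:20:00 rtr-core-01 48: %SYS-5-CONFIG_I: Configured from console by ops on vty1 (198.51.100.7)
2010-02-26T08:21:00 sw-access-01 49: %SYS-5-CONFIG_I: Configured from console by console
"""

def config_changes(lines):
    """Yield one dict per config-change message; all other messages are ignored."""
    for line in lines:
        m = CONFIG_I.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
            yield ev

def fetch_queue(lines, holddown=timedelta(minutes=5), allowed_peers=()):
    """Return (fetches, alerts).

    fetches: one (device, time) per device per hold-down window, so a burst of
             edits produces a single archive job instead of one per message.
    alerts:  (device, user, peer) for vty changes from hosts not in allowed_peers.
    """
    last, fetches, alerts = {}, [], []
    for ev in config_changes(lines):
        prev = last.get(ev["device"])
        if prev is None or ev["ts"] - prev >= holddown:
            fetches.append((ev["device"], ev["ts"]))
            last[ev["device"]] = ev["ts"]
        if ev["peer"] and ev["peer"] not in allowed_peers:
            alerts.append((ev["device"], ev["user"], ev["peer"]))
    return fetches, alerts

if __name__ == "__main__":
    # Constructed addresses standing in for the two approved servers.
    fetches, alerts = fetch_queue(SAMPLE.splitlines(),
                                  allowed_peers={"192.0.2.10", "192.0.2.11"})
    print(fetches)
    print(alerts)
```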
