Hi - I hope that somebody can help me....
I currently have a subcontractor using CiscoWorks to monitor a 700 site network. The WAN links and associated routers are currently supplied by supplier A but are being transitioned to supplier B. My subcontractor is primarily responsible for implementing and monitoring the LANs at each site but as they offer first and second line support for all networking issues they are currently permitted read-only access via SSH to the customer premise (CPE) routers. This helps assist them in troubleshooting routing errors, etc as they can view routing tables.
The new supplier has agreed to allow SSH access to their CPE routers but will only allow it on a non-standard port, i.e. not port 22.
My subcontractor it telling me that they cannot monitor the network as CiscoWorks relies on SSH access to all routers on port 22. They tell me that this is vital in order to be able to produce a topology diagram. My experience with CiscoWorks is very outdated but I understood that it would use CDP to do this (CDP is enabled on all routers and switches), or other protocols. I thought that SSH was only used for configuration management which is not relevant for these devices.
What I’m after is for somebody to tell me what the limitations are likely to be if CiscoWorks does not have SSH access to the routers, i.e. what will my subcontractor not be able to do.
Thanks in advance.
As long as the device offers SNMP read-only access (either with v1/v2c or v3), then Topology will work just fine. SSH is only used for configuration collection and deployment (and image collection and deployment). Inventory, fault, and topology are all done with SNMP.