CiscoWorks and ACE modules

mikearama · ‎07-20-2010

Hey Techies...

Has anyone had success getting CW 3.2.0 to play nice with ACE modules (ACE20-MOD-K9)? In particular, I'm having issues getting any details on our contexts. I was able to add the contexts to inventory without issues, but I cannot do or see anything beyond that.

I have a feeling it has to do with this line in the ACE configs: snmp-server community mystringhere group Network-Monitor

From what I've read, the Network-Monitor group is a built in group that I cannot delete... however, I also cannot figure out how to modify it to include my ciscoworks server.

If anyone's been able to add ACE modules to ciscoworks, I'd love to know how. Any tips appreciated,

Mike

Marvin Rhoads · ‎07-20-2010

The ACE modules are only supported for functions of the RME and DFM components of CiscoWorks LMS. See http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/3.2/device_support/table/lms32sdt.html .

Is there something in particular you want to do but cannot? Generally speaking, detailed configuration management on ACE modules (apart from CLI) is done using Application Networking Manager (ANM). See http://www.cisco.com/en/US/products/ps6904/index.html .

mikearama · ‎07-20-2010

Thanks for the reply, and input.

I'm only really interested in the Config backup jobs... Archive Management in particular... in RME. I understand that ANM can do the same via Checkpoints, but I like the automated process in CiscoWorks.

When I create an Archive job to backup the config, the failure message is: "CM0056 Config fetch failed for Prod-ACE-Admin Cause: CM0204 Could not create DeviceContext for 81 Cause: CM0206 Could not get the config transport implementation for 10.22.20.22 Cause: CM0202 Could not access 10.22.20.22 via SNMP. Action: Check the Read Community String. Action: Check if protocol is supported by device and required device package is installed."

I have double-checked the snmp string... in the ACE-Admin context: snmp-server community mystringhere group Network-Monitor

... which matches that configured in CW.

I have to assume it's the "group Network-Monitor" ACL, which I can't locate or seem to edit.

Does that help narrow it down a bit? Preciate any further thoughts.

Mike

Marvin Rhoads · ‎07-20-2010

Do you have a class-map and policy-map allowing snmp into your ACE and applied to your management interface? Something like the following:

class-map type management match-any MGMT

10 match protocol telnet any

20 match protocol ssh any

30 match protocol icmp any

40 match protocol snmp any

policy-map type management first-match MGMT_PERMIT

class MGMT

permit

interface vlan [vlan-id]

ip address [ip-address netmask]

service-policy input MGMT_PERMIT

no shutdown

mikearama · ‎07-20-2010

Almost exactly as you describe:

class-map type management match-any REMOTE-MGMT
21 match protocol ssh any
22 match protocol telnet any
23 match protocol icmp any
24 match protocol https any
25 match protocol http any
26 match protocol snmp any

policy-map type management first-match REMOTE-ACCESS
class REMOTE-MGMT
permit

interface vlan 151
description *** Management access ***
ip address 10.22.151.44 255.255.255.0
peer ip address 10.22.151.45 255.255.255.0
service-policy input REMOTE-ACCESS

service-policy input P-RM2

no shutdown

Mike