07-20-2010 08:45 AM
Hey Techies...
Has anyone had success getting CW 3.2.0 to play nice with ACE modules (ACE20-MOD-K9)? In particular, I'm having issues getting any details on our contexts. I was able to add the contexts to inventory without issues, but I cannot do or see anything beyond that.
I have a feeling it has to do with this line in the ACE configs: snmp-server community mystringhere group Network-Monitor
From what I've read, the Network-Monitor group is a built in group that I cannot delete... however, I also cannot figure out how to modify it to include my ciscoworks server.
If anyone's been able to add ACE modules to ciscoworks, I'd love to know how. Any tips appreciated,
Mike
07-20-2010 10:45 AM
The ACE modules are only supported for functions of the RME and DFM components of CiscoWorks LMS. See http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/3.2/device_support/table/lms32sdt.html .
Is there something in particular you want to do but cannot? Generally speaking, detailed configuration management on ACE modules (apart from CLI) is done using Application Networking Manager (ANM). See http://www.cisco.com/en/US/products/ps6904/index.html .
07-20-2010 01:07 PM
Thanks for the reply, and input.
I'm only really interested in the Config backup jobs... Archive Management in particular... in RME. I understand that ANM can do the same via Checkpoints, but I like the automated process in CiscoWorks.
When I create an Archive job to backup the config, the failure message is: "CM0056 Config fetch failed for Prod-ACE-Admin Cause: CM0204 Could not create DeviceContext for 81 Cause: CM0206 Could not get the config transport implementation for 10.22.20.22 Cause: CM0202 Could not access 10.22.20.22 via SNMP. Action: Check the Read Community String. Action: Check if protocol is supported by device and required device package is installed."
I have double-checked the snmp string... in the ACE-Admin context: snmp-server community mystringhere group Network-Monitor
... which matches that configured in CW.
I have to assume it's the "group Network-Monitor" ACL, which I can't locate or seem to edit.
Does that help narrow it down a bit? Preciate any further thoughts.
Mike
07-20-2010 01:14 PM
Do you have a class-map and policy-map allowing snmp into your ACE and applied to your management interface? Something like the following:
class-map type management match-any MGMT
10 match protocol telnet any
20 match protocol ssh any
30 match protocol icmp any
40 match protocol snmp any
policy-map type management first-match MGMT_PERMIT
class MGMT
permit
interface vlan [vlan-id]
ip address [ip-address netmask]
service-policy input MGMT_PERMIT
no shutdown
07-20-2010 01:42 PM
Almost exactly as you describe:
class-map type management match-any REMOTE-MGMT
21 match protocol ssh any
22 match protocol telnet any
23 match protocol icmp any
24 match protocol https any
25 match protocol http any
26 match protocol snmp any
policy-map type management first-match REMOTE-ACCESS
class REMOTE-MGMT
permit
interface vlan 151
description *** Management access ***
ip address 10.22.151.44 255.255.255.0
peer ip address 10.22.151.45 255.255.255.0
service-policy input REMOTE-ACCESS
service-policy input P-RM2
no shutdown
Mike
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: