cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1774
Views
20
Helpful
29
Replies

Cisco Works -Archiving Network Devices

mvsheik123
Level 7
Level 7

Hi,

We are using Cisco Works RME 4.0. Somehow CW unable to 'Archive'/'Backup'any of the discovered 70 devices(Error description: Check the SNMP string and licence).Devices configured with TACACS. Both are existing. Any idea..?

Thank you in advance.

MS

29 Replies 29

If you cannot post them to the forum, then please open a TAC service request to continue your debugging there.

Ok np, i am posting the debug logs .. i guess the debug was also enabled on 10th june and the administrator has sent me those logs, i hope these might be useful to you.

Fyi, some devices which fail saying "Could not access via SNMP" error are ajankrse1sw01, ajankrse1sw02 etc. These are 3550 switches. Some devices which fail with error msg of "Failed to get start-tag begin in the configuration" are ancsausy1sw01 , ancsjpto1sw01. These are 6509 switches. You can ignore the rest. Thx again

- Manoj

Hi Clarke,

Sorry to bother you again. Does the debug logs i posted are of any help to you in determining the cause of the issue. Kindly assist. Thanks again man!

- Manoj

The community strings for ajankrse1sw01 and ajankrse1sw02 are incorrect in DCR (or there is something blocking SNMP to this device). Verify the SNMP credentials, and use Device Center's SNMP Walk tool to try and manually walk the system table on these devices.

The start tag messages usually indicate command authorization is enabled on the device, but "write term" is not allowed. Login to these switches using the same username and password you have configured in DCR, and issue the command "write term". what output do you get?

Hi Clarke,

You are right man. I tried to do wr term on one of the 6500 switches and i got a message saying "Command authorization failed". But i have one query regarding this. We have another 300+ devices (routers + switches) which are not 6500 switches and are being backed up with the same user name and password that i am using for 6500 switches. So why only 6500 switches are not backed up while other devices are backing succesfully. Is there a known bug wherein we need to have wr mem access to backup devices. Why is it so? Is there any link which says this?

Also for the devices ajankrse1sw01 and ajankrse1sw02, i am not sure what DCR is? I have already reentered the community strings and confirmed that they are correct. I dont know what is Device Center's SNMP Walk tool. Can u guide me through this or provide me any link on how to go about this.

I really appreciate all the help you have been providing me in regards to this man. Thanks!

- Manoj

Why command authorization plagues these switches has to do with their AAA config. You must allow the "write term" command if you are going to be archiving CatOS devices via either telnet or SSH. This needs to be done on the AAA server.

DCR is the Device Credentials Repository (under Common Services > Device and Credentials > Device Management). The strings you have entered in DCR are either wrong, or the config on the switches is blocking the CiscoWorks server, or the network is dropping the SNMP requests.

If you go to Device Center, choose one of your failing 3550s, you will see a link in the bottom left-hand corner of the window for "SNMP Walk". In that tool, you can perform an SNMP Walk on this device. Choose a starting OID of "system". I imagine that will fail, so you need to verify the things I mentioned.

Dear Clarke,

Thanks for your explanation. However i have some doubts still.

Regarding the "start-tag" error, you mentioned the "write term" should be allowed. We have other routers and switches also which does not have "write term" access but backup for those routers and switches (non 6500) is going fine without any problems. Why is the problem only in 6500 then. Does 6500 specifically require write term to be enabled for cisco works backup??

For for other 3550 switches, you are right that it is failing with error "failed to snmp walk the device. plz check your community string and starting OID and try again". I have copied the snmp strings that i configured on the router and re-entered them in cisco works. But stil it is failing. Does the OID of "system" has to be the same always. Why is it always "System". Also i have tried to ping, telnet the device from ciscoworks and am able to do without any problem. So I dont think snmp requests are being dropped by the network.

You need to allow "write term" to archive the configuration of 6500 switches using either telnet or SSH.

Please include your 3550's show run. If that checks out, then you will need to check with your security administrators to see if there are firewalls or access-lists that are blocking SNMP traffic between the CiscoWorks server and the switches.

Hi Clarke,

Sorry i was on leave yesterday, hence could not reply. You mentioned that on 6509, we need to enable wr term for archive to be successful. Is there any link which says this. Becoz if i put this forward to my higher level team, the first question i will be asked is why other routers and switches (non 6500) are being backed up with also do not have access for wr term.

Also for SNMP for 3550, i will check with my admin and let u know the progress.

One again, thx for ur help man ...

I do not know of a link that lists all of the documented config collection commands.

Clarke,

I have taken the output of "sh snmp" from two of the 3500 switches. Does this say anything ??

sh snmp

Chassis: CAT1020N3WG

17531 SNMP packets input

0 Bad SNMP version errors

17531 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

17618 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

17618 Trap PDUs

SNMP global trap: enabled

SNMP logging: enabled

Logging to 10.209.10.37.162, 0/10, 17611 sent, 7 dropped.

SNMP agent enabled

sh snmp

Chassis: CAT1020N3UJ

3117 SNMP packets input

0 Bad SNMP version errors

3117 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

3185 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

3185 Trap PDUs

SNMP global trap: enabled

SNMP logging: enabled

Logging to 10.209.10.37.162, 0/10, 3178 sent, 7 dropped.

SNMP agent enabled

One-shot counters are meaningless. If you suspect that the SNMP requests are making it to the switches, then you need to take a snapshot of the counters, reproduce the archive failure, then get another snapshot. It won't be 100% accurate, but it will be more telling that just one look at the show snmp output.

Clarke,

You know what .. some of the 3550's which were failing had some configuration issue in cisco works .. after making changes, few are backed up successfully ... no patience to check for other devices now .. will check them later ... you are true genius man .. really ;-)

Clarke,

I have one more query for you. Our Cisco works takes backups every friday. When i try to retrieve a config for a device, i only get the latest config. If i need to get the config of a device that we backed up during Feb or March, how can i get that. Can you guide me through the options man. Thx again ;-)

-- Manoj

Assuming you have purged this config, you can find it from RME > Config Mgmt > Archive Mgmt > Version Tree.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco