Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
778
Views
0
Helpful
2
Replies

Credential Manager to RME lag time?

ktokashhh
Level 1
Level 1

‎12-26-2007 02:59 PM

I define all my gear under CS -> Device and Credentials -> Device Management and have the "Automatically Manage Devices from Credential Repository" box checked in RME. This works most of the time, but I'm running into a couple quirks.

1. If I create a group and make a rule, specifically that device with an IP address within a certain range is a member, and then add a device that conforms to that rule, it does not get added to the group. I tried "Refreshing" the group in RME -> Devices -> Group Administration, and that popped up a little box that said I rock, but the membership was the same as before.

2. I changed the IP address of a machine that was within the range:

Device.IP.Address range "10.39.52.[2-3]"

to be 10.39.52.222 in the Credential Manager. The box is still in the group despite being outside the range. "Refresh" didn't work there either. I also tried rebooting the daemon, but that didn't help.

I'm not clear on the Credential Manager to RME (or any other application) relationship now. Does the CM house all the credentials and get referenced all the time? Or does it simply store them and the various applications cache the information? If the info is cached, how do I pop the cache?

I am asking this now because I want to set up groups for all of the infrastructure now, but not if I have to later delete and re-create them to have the new boxes in the range recognized.

Labels:
0 Helpful
2 Replies 2

Joe Clarke
Cisco Employee
Cisco Employee

‎12-26-2007 03:15 PM

First, you need to define the group to have automatic membership instead of manual. This is the default, but make sure you have not changed it.

Since you are using RME to create the groups, you need to rely on RME's inventory data. If RME does not have proper inventory information for a device with the up-to-date IP information, then the groups will still reflect the information RME has in its database.

Therefore, for the devices you are testing, run an RME inventory collection job, and see if the rule membership changes.

0 Helpful

akemp
Level 5
Level 5
In response to Joe Clarke

‎12-27-2007 01:17 PM

For consistancy of user interface I always define all dynamic groups on the DCR Master in CS. Membership rules vary across the applications, but the DCR is always available.

0 Helpful
Customers Also Viewed These Support Documents