Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1364
Views
9
Helpful
6
Replies

LMS2.5.1 VLAN Config fetch is not supported using RCP

rherve
Level 1
Level 1

‎06-12-2006 02:03 AM

Hello,

All switch in Ciscoworks use TACACS+ authentication with username and passcode (RSA SecurID).

I have configure the switch to used RCP but vlan database failed to fetch.

Below the configuration used:

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login console local

enable password xxxxxxxxxxxxxxxxxxxxxx

!

username Manager privilege 15 password xxxxxxxxxxxxxxxxxxxxxx

username cwuser password xxxxxxxxxxxxxxxxxxxxxxxx

clock timezone UTC+1 1

clock summer-time UTC+1 recurring last Sun Mar 2:00 last Sun Oct 3:00

ip subnet-zero

ip rcmd rcp-enable

ip rcmd remote-host cwuser 40.206.50.115 cwuser enable

ip rcmd remote-username cwuser

When I Synchronize the configuration I cannot get the VLAN database ? Why ?

Is RCP not good configure ?

How can I used Ciscoworks successfull with TACACAS+ and PASSCODE to used RME correctly ? (Netconfig; config-editor; etc...)

Can you help me please about TACACS+ ?

How can I configure Telnet for Ciscoworks wihtout use TACACS+ ?

Any answer about this ?

Thanks

Herv?

Labels:
0 Helpful
6 Replies 6

miheg
Level 5
Level 5

‎06-12-2006 02:49 AM

I recall something that said that ciscoworks dynamicly creates a rcp username an password.

Is it mentioned anywhere that you should configure this rcp stuff?

Cheers

Michel

0 Helpful

David Stanford
Cisco Employee
Cisco Employee

‎06-12-2006 04:16 AM

Your RCP configuration looks fine.

What version of RME are you running? What type of device is this?

RME will not work if you are using SecurID or a random token. It needs to be a standard password entered into the credentials.

You can configure telnet on the device to work with RME, but if you have AAA then it will look at AAA for authentication.

rherve
Level 1
Level 1
In response to David Stanford

‎06-12-2006 07:20 AM

RME Version is 4.0.4.

Device Type is: WS-C2950-24

0 Helpful

David Stanford
Cisco Employee
Cisco Employee
In response to rherve

‎06-12-2006 07:58 AM

Do you see a vlan.dat on the switch itself if you view the output of show flash: ?

0 Helpful

rherve
Level 1
Level 1
In response to David Stanford

‎06-12-2006 09:17 AM

When I check the flash with: show flash, i see vlan.dat file

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee

‎06-12-2006 09:33 AM

vlan.dat is handled differently from the standard configuration. For vlan.dat fetching to work, RME must be able to login interactively to the switch (i.e. either using telnet or SSH). From there, RME will issue a copy flash:vlan.dat tftp: from the switch's command line.

As for PASSCODE support in TACACS+, if you mean the PASSCODE: prompt, this is a supported prompt in RME 4.0.4. However, if you need custom prompt support, you can edit NMSROOT/objects/cmf/data/TacacsPrompts.ini, and add your customer username and password prompts there.

If, however, you're referring to SecureID support, this can only work using the job-based password feature of RME. You will not be able to schedule automated recurring jobs that make use of this feature.

As for configuring a device not to use TACACS+, just remove "aaa new-model" and configure a password under "line vty 0 15" (or "line vty 0 4") as well as an enable and/or enable secret password (enable secret password is more secure). This information is described in more detail in the various configuration guides for IOS.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents