Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NCM Detect Network Devices fails, but New Device wizard works?

Hi -  I'm demo the NCM and trying to add devices using the Detect Network Devices feature to add many devices.  It says success, but it marks the devices as Non Active Nodes and they don't show up anywhere in NCM (that I can see).

When I use the add New Device wizard to add a single device, it works fine though.  Anyone have an suggestions to get the Detect Network Devices working?  I'll be back in the office at 8am pacific time if you have any suggestions.  Thanks,

Larry

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: NCM Detect Network Devices fails, but New Device wizard work

You can set the different encyrption (priv) levels for SNMPv3 when editing a device.  If you look down in the Connection Settings you'll see this

Your problem is that you need the Encryption models to show up in the Device Password Rules, which Detect Network Devices would use.  It's not there.  You can do SNMPv3, but only DES encryption at that point...

So I see a couple options.  First we need to realize that SNMP is only used in NCM for initial device discovery to get sysObjectID.  The rest of the usage is mostly CLI (SSH/telnet) based commands like 'copy running-config tftp', etc.  You COULD fall all the way back down to SNMP-initiated TFTP, but that's a last chance option.

So options are:

1) Enable SNMPv1/2c READ-ONLY on the device for discovery.  You could put an ACL on the SNMP community and/or an SNMP view to restrict access to MIB-2 only objects.

2) Enable SNMPv3 with DES for a single user - that would be a 'discovery user'.

3) Forgo discovery and use Device Import.  Maybe you have a gold list of devices from another product and you can get by running discovery.

7 REPLIES
Cisco Employee

Re: NCM Detect Network Devices fails, but New Device wizard work

It's possible that your credentials are wrong when you're setting up your Detect Network Devices task.  NCM is seeing the device as active because it can ping it, but when it tries to manage it, the SNMP and/or telnet/SSH credentials are wrong, therefore it can't make it 'active' or managed.

When setting up Detect Network Devices are you using Network-wide password rules or Task specific?

Same question for your set up on New Device Wizard.

If everything seems in sync and you're still having problems, do the Detect Network Devices task one more time, with the following options:

Task Logging

--  Check "Store log output generated by this task "

--  Select: device/access/authentication;  device/access/authenticationrules;  device/session;

That may be enough for TAC to help - they may ask for a few more task logging types if the problem is really obscure...

New Member

Re: NCM Detect Network Devices fails, but New Device wizard work

Thanks JA,  I gave that a try.  Where do I view the logs?

Task history only gives the following output:

Sep-20-10 09:40:35 admin
    

The following task was started:

  5791: Task Name: Detect Network Devices
Added by: admin (NCM_admin)
Start Date: As Soon As Possible
Repeat type: Non-recurring
Status: Running
Comments:

     Sep-20-10 09:40:37 admin
    

The following task completed:

  5791: Task Name: Detect Network Devices
Added by: admin (NCM_admin)
Start Date: As Soon As Possible
Repeat type: Non-recurring
Status: Succeeded
Comments:
New Member

Re: NCM Detect Network Devices fails, but New Device wizard work

JA -  I believe the logging is supposed to be displayed in the Additional Infomation field.  However, even after selecting all the logging options you suggested, the Detect Network Devices task only gives me this output in the Additional Information field.

Additional Information
Result Details
Details: Task Completed
Active nodes0
Non-active nodes1
132.1.108.80
Unrecognized hosts0
Existing devices0
Total1


However, when I ran the New Device wizard, I see Additional Information that I may be able to use to figure out why the Detect Network Devices task is not working.  New Device wizard appears to have been able to connect via SSH and then use an Expect script to gather enough information to add the device.

Larry

Cisco Employee

Re: NCM Detect Network Devices fails, but New Device wizard work

There is some amount of logging that comes back in a completed job.  There's more if the task supports 'Store Complete Session Log'.  The Snapshot task does - you can check that out with the 'Store Complete Session Log' option enabled so you can see the final results.

Neither Detect Network Devices, nor New Device Wizard support that option.  The Task Logging that all these tasks support is separate.  The logs there typically go into /opt/CWNCM/server/log/jboss_wrapper.

An easier way to get the 'interesting' logs is to set up your Task Logging options, execute the task to capture the necessary info...  Then go to Admin -> Troubleshooting -> Send Troubleshooting Information or Download Troubleshooting Information.

You can have it email the troubleshooting info to you instead of TAC.  Then you don't have to dive around the server CLI looking for stuff.

Of course when you get to this level of troubleshooting you may require TAC assistance to interpret the logs - that's what they are there for! 

-Jason Davis

New Member

Re: NCM Detect Network Devices fails, but New Device wizard work

Thanks JA, I was able to figure out that the issue is SNMP authentication.  So far I'm able to Detect Network Devices if I add an SNMPv1 community string with RW permissions to a switch.  However, we are using SNMPv3 with aes encryption on our test.  I don't see any way to configure the encryption algorithm in NCM.  (Like I can with LMS).  Do you know if there's a way to configure it, or does the SNMP manager attempt to negotiate that?  I going to try changing the encryption settings on a switch to see if that helps, but I may end up putting in a ticket with TAC because I need this to work with AES.

Thanks,
Larry

Cisco Employee

Re: NCM Detect Network Devices fails, but New Device wizard work

You can set the different encyrption (priv) levels for SNMPv3 when editing a device.  If you look down in the Connection Settings you'll see this

Your problem is that you need the Encryption models to show up in the Device Password Rules, which Detect Network Devices would use.  It's not there.  You can do SNMPv3, but only DES encryption at that point...

So I see a couple options.  First we need to realize that SNMP is only used in NCM for initial device discovery to get sysObjectID.  The rest of the usage is mostly CLI (SSH/telnet) based commands like 'copy running-config tftp', etc.  You COULD fall all the way back down to SNMP-initiated TFTP, but that's a last chance option.

So options are:

1) Enable SNMPv1/2c READ-ONLY on the device for discovery.  You could put an ACL on the SNMP community and/or an SNMP view to restrict access to MIB-2 only objects.

2) Enable SNMPv3 with DES for a single user - that would be a 'discovery user'.

3) Forgo discovery and use Device Import.  Maybe you have a gold list of devices from another product and you can get by running discovery.

New Member

Re: NCM Detect Network Devices fails, but New Device wizard work

Thanks JA!

   I'm using the Device Task "Import" with the provided device.csv template.

  All that seems necessary to import the devices is an IP address in the primaryIPAdress field, and it's working.

  Sounds like I don't need to set the SNMPv3 priv encryption if that's only used for discovery.  I noticed that there is a Device Template that can be used to set SNMPv3 encryption after the device has already been discovered.  Seems a little bit backwards to me, but at least we have a bulk import solution.

Thanks for all your time and help with this!

Larry

881
Views
0
Helpful
7
Replies
CreatePlease login to create content