Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Not In ACS list access from 'dcrcli' ...possible? (LMS 2.6)


I can view a list of devices that are on the 'not in acs' list so those devices are available in some way. (Solaris servers)

The drawback to ACS mode, which we use, is that they cannot be deleted or have their IPs changed, etc.

But, in Campus Mgr, that list could be helpful to identify devices that we didn't get into ACS and the DCR.

Our situation is unique. We have CM and RME on two separate servers to manage server resources better. We don't use the CM server to populate the RME server.

So, not to dwell too much on our specifics, that's the way we have to do it.

So, bottom line, if I could use dcrcli or command line scripting to get that list outside the GUI, we could really have something. That list could be SCP'd to another server and parsed out for devices that answer to pings, have hostnames that are identified, using our naming standard, as Cisco devices, and generate a list of "stuff that slipped through the crack."

The Not in ACS list under common services can't be scheduled and therefore exported to a file on the server so I'm looking for a work-around.

Any suggestions?


  • Network Management
Cisco Employee

Re: Not In ACS list access from 'dcrcli' ...possible? (LMS 2.6)

This is currently not possible. There is an expAcs command for dcrcli which will allow you to export devices from DCR to the ACS server (if those devices are not already in ACS).

New Member

Re: Not In ACS list access from 'dcrcli' ...possible? (LMS 2.6)

I can see where that answers the question as to whether it can be done from the cli using RME commands.

But, aren't NI-acs devices still on record somewhere in a directory, file, etc? I seemed to recall that NI-acs devices are simply those that do not have a DeviceID but somewhere on the server, there is a file or directory with their name. If that's true, we can use unix commands to find them and build a list from outside CW.

That would still help us accomplish our goal.

Thanks for the speedy response.

Cisco Employee

Re: Not In ACS list access from 'dcrcli' ...possible? (LMS 2.6)

No, this is not the case. The devices are stored in the cmf database, and LMS talks to the ACS server to find those devices which are not authorized.

New Member

Re: Not In ACS list access from 'dcrcli' ...possible? (LMS 2.6)

To be sure I have this, you are saying that nowhere, in any files or directories, is there a way to use a cli command in unix, such as ls, locate, find, etc, that will produce the names of devices on the list?

Is there a way to poll the cmf database from outside the GUI?

What is the Solaris path to that cmf db? (I'm not a great unix guy, ...yet)

Cisco Employee

Re: Not In ACS list access from 'dcrcli' ...possible? (LMS 2.6)

No, there is no way to get to the data you want from the command line. Direct access to the database is not supported. The only way to access this data is through the web. Once the report is run, it can be exported to a CSV file.

This widget could not be displayed.