Re: Venting my frustration with ciscoworks - Page 2

crose · ‎12-23-2005

I have an end to end cisco network and we are trying to ge t ahandle on making managing all this cisco gear easier. I have been working with ciscoworks in various incarnations for about the last 5 years.

I've been fighting with LMS 2.5 now for going on a year, and have YET to be able to get it to function properly. I have found manageability in cisco devices short of using ssh and an IOS command prompt is next to an impossible task unless you want to do it in an insecure fashion.

There is still no full SNMP V3 support available in ciscoworks. The scp services have only recently come into fruition. I still have tons of devices with inconsistant IOS commands, varying levels of SSH support, and an overly buggy, almost useless LMS2.5 that I have to fight constantly just to get it to do BASIC tasks.

What is so freakin hard about making a device and the LMS sytem support fully secure device management in a consistant manner? I'm talking about full SSH 2 support, SCP, and snmp v3 with encryption and auth? We had a netowrk audit as aprt of outr HIPPA complaince measures and we got nailed for still using tftp and telnet to manage devices on our network.

What infuriates me to no end is I was just surveyed about what I wanted in a new version of ciscoworks and I told them JUST FIX THE DAMN STUFF YOU ALREADY HAVE! Don't add any mroe new crap until the stuff you have works relaibly! And I know others that said the same. Menawhile I get wind they are now creating a NEW ciscworks product to do workflow management! They could manage workflow form now until x-mas 2020 and it wouldn't do me any good if the basic work (updating software, archiving configs, etc) isn't getting done?

Anybody else as frustrated with this edsel as I am?

miheg · ‎03-27-2006

I don't think that having ciscoworks running on Solaris will keep all the trouble one can have with Ciscoworks away from you and your staff.

Many of the quirks I see on windows I see on Solaris too and the Solaris version has his own quirks.

I do feel the interface of LMS 2.5 is slight better then 2.2 but far from perfect. The DFM interface is horrible. The guy that made that should be banned from programming and obliged to use it on real network.

To move away from applets for everything is good but the HTML interface we got in return is a missed opportunity.

And the whole thing especially the databases must get documented some time and it must come with a development kit for the resellers.

Then Ciscoworks can start to compete.

Michel

bmasten · ‎03-27-2006

Interesting,

I can hardly wait to begin testing the LMS2.5 box.

I asked recently if they planned to support Solaris 10 and someone replied that LMS 3.0 would.

Seems someone is developing something.

I have stayed away from LMS 2.5 as I think it is an inbetween product similar to HPOVNNM7.x

I am sure the world will be a much better place when LMS 3.0 and HPOVNNM 8.0 are released.

Oh the promise of a better tomorrow

akemp · ‎04-03-2006

If you have an experienced Solaris administrator (not a hack) you can get Ciscoworks working like its suppose to with effort. You cannot take the application off the CD's, install all the patches, and just turn it on and it works. This is true with most more complex software packages, thats why consultants still get paid.

p.calcaterra · ‎04-13-2006

I do not think that the Solaris vs. Windows2003 could resolve anything.

Anyway, waiting that Cisco Corp. will answer to these posts, I wish to share a couple of evaluations about LMS 2.5.1 bugs

The main issues are about the DBs: they can get some odd state that cannot be recovered by the software, e.g.: LMS 2.5 (resolved in 2.5.1) does not clean up the cdp neighbors list; if you check the ODBC connection, you must apply the “CSCOpx/bin/dbpasswd.pl” Perl script to restore the correct password; if the syslog db connected to the rmeng db gets huge, the rme process gets stuck.

Secondarily it is always very hard to understand what is wrong when cw2000 cannot reach some device (password? SNMP community? DNS or IP? Protocol? ACL?), moreover the log files contain information for the software developers and are useless for the end users.

Best regards.

Paolo Calcaterra

akemp · ‎04-14-2006

It depends on the administrator's skill set and the other tools and methodologies available. We use Solarwinds (for snmp ad-hoc queries), have all of our devices using TACACS+ for AAA (those log files speak volumes of information for authentication failures), and ACL's are candy when compared to firewall rulebases...a quick scan of them for where the queries will ingress/egress isn't difficult.

jaleach · ‎04-18-2006

I'm very new to using LMS and 2.5 is my first real dip into managed networking.

Personally the most frustrating thing I find is that non of the apps in CW talk to each other. My example is as follows:

Each night one of our core switches is powered down from 7pm to 7am for physical security reasons - the DFM reports this and shows an alert for all the switches being 'unresponsive' in the morning. After 7am however when the switch is up again, DFM still reports them as unresponsive - even tho CM is running a UT acquisition, RME has run a daily inventory and I can run a ping-sweep across all the switches from my own workstation!!

If only the apps could talk to each other or at least centralise the device-state knowledge.