Solved: VLAN Running Configuration in NetConfig

jeeyishyuan · ‎02-02-2009

Hi Experts,

May I know what is VLAN Running Configuration in RME tool: NetConfig?

Why and When is it fetch during Configuration fetching?

The fetching of VLAN Running configuration keep failing due to unable to establish Telnet connection. Why is it so?

Any way to disable it to be fetched?

Thanks and Regards,

Yi Shyuan

Joe Clarke · ‎02-05-2009

The fetches for the startup and running configs may have fallen back to TFTP when telnet failed. The error "authentication failed 3 times" is almost always correct. It means that the DCR credentials for this device are wrong (i.e. username/password). Pick one device, and start a sniffer trace filtering on all traffic to the device. Then perform a Sync Archive against this device. The trace will tell you exactly what's happening with the various config fetch operations.

View solution in original post

Joe Clarke · ‎02-02-2009

The VLAN configuration is the vlan.dat file found on the flash of IOS switches. It contains all of the VLAN and VTP data for switches in VTP client and server mode. It is archived at every configuration fetch because vlan.dat is binary data, and RME cannot determine if anything did in fact change.

The only supported ways of getting the vlan.dat are TELNET and SSH. RME connects to the switch using one of the two protocols, then initiates a TFTP back to the RME server.

There is no way to disable the fetching of vlan.dat. If you want to be able to fully recover a device from a disaster, you must have this file.

jeeyishyuan · ‎02-02-2009

Hi Joe,

Thanks for the info.

However, I keep encountering failure to fetch VLAN running configuration file due to unable to establish Telnet .

What could be the possible reason?

Regards

Yi Shyuan

Joe Clarke · ‎02-02-2009

You don't have telnet properly configured in LMS. Check your DCR credentials for the devices in question. Make sure the username/password is valid, and you can login to those devices using telnet from the LMS server.

jeeyishyuan · ‎02-03-2009

Hi Joe,

If I am not wrong, the startup and running config are also fetched via Telnet. If this is the case, why shouldn't VLAN running config being fetch?

Regards

YS

jeeyishyuan · ‎02-04-2009

Hi,

I keep getting the result of partially successful due to failure in fetching VLAN Running config where the root cause is unable to establish telnet Connection.

I find this is weird as I can fetch startup and running config using telnet.

Can the expert explain why is it so?

Thanks & Regards,

Yi Shyuan

Joe Clarke · ‎02-04-2009

I thought I answered this, but I my post seems to have disappeared. Telnet may not be used to fetch the config. It depends on your protocol order configured under RME > Admin > Config Mgmt > Transport Settings. It is possible that RME is using TFTP to fetch the running and startup configs. TFTP is not supported for the vlan.dat fetch.

jeeyishyuan · ‎02-05-2009

Hi Joe,

I have checked my transport settings where Telnet is set as the first protocol to be used while TFTP is the second one.

So are you saying that the VLAN running config is failed to fetch using TFTP?

But why did the reason shown in the job log stated VLAN Running Config is failed to fetch due to unable to establish telnet connection? While both startup and running configs are successfully fetch via telnet?

Thanks & Regards,

YS

Joe Clarke · ‎02-05-2009

The fetches for the startup and running configs may have fallen back to TFTP when telnet failed. The error "authentication failed 3 times" is almost always correct. It means that the DCR credentials for this device are wrong (i.e. username/password). Pick one device, and start a sniffer trace filtering on all traffic to the device. Then perform a Sync Archive against this device. The trace will tell you exactly what's happening with the various config fetch operations.

jeeyishyuan · ‎02-08-2009

Hi Joe,

Sorry for the late reply.

I had tried choosing only one device, but it seems that now all telnet connections to fetch three configs are failed.

I had already enable the job password policy but job based password is still disabled in the job result. Just wondering whether the job based password affect the telnet connection?

Regards,

YS

Joe Clarke · ‎02-09-2009

Job-based passwords could be causing this problem. The job-based passwords override the telnet credentials in DCR. So, if the JBP you entered is not a valid telnet credential for the device in question, then the error you're seeing is expected.

jeeyishyuan · ‎02-09-2009

So currently the JBP is shown as disabled in the job output result. How can I enable it and enter the telnet credentials for that specific device?

Joe Clarke · ‎02-09-2009

By default, JBP can be enabled when you schedule certain jobs (e.g. Netconfig jobs) to run. Just check the Enable Job Password box when scheduling the job.

That said, JBP is not available for config fetch jobs. This is a long-standing bug (CSCsc29880) which has no ETA on a fix at this time.