Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Still too many discovery issues

We still haven't been able to have a successful discovery of our own network, even with the latest updates...

Cisco ASA5505 (we've created a user just for the OnPlus box with a simple password, and have set the enable password to a simple one) - Still receiving the "Invalid Device Driver or Credentials" message.

Cisco 2811 - all passwords report as valid - possibly working? Though it found the 2960G without us entering details...

Cisco 2960G - enable password reports valid, login password is still pending?

What's worse is depending where we have this on the network, the credentials seem to work fine, other times, not so much. Even though other tools/utilities have no problems traversing the network.

17 REPLIES
mrn Cisco Employee
Cisco Employee

Still too many discovery issues

Hi Jas,

Becuase of a defect in our UI, the discovery process on the ASA5505 is a little more complicated.

If you assign the device driver with credentials that don't work, you have to remove the device driver, enter the correct credentials, then apply the changes. Wait a few minutes, then assign the device driver again. If the credentials are correct, it should authenticate properly at that point.

The problem in our UI is that bad credentials cause the device driver to be marked as bad - and once it is marked as bad, it stays there forever. The only way out of this is to remove the driver, let the system assimilate the change, then reassign it with good credentials.

If this doesn't resolve the ASA5505 problem, I'll be happy to dig into it a little deeper with you.

- Mark

New Member

Still too many discovery issues

Mark:

Sorry for taking so long to reply - the flu isn't fun, especially when we're also deploying a large VMware View project... Aaah, so much stuff.

Anyway.

I'm probably going to need some help getting these password issues resolved as I'm still not having luck. It truly is mind-boggling since I can get some of the device credentials working depending where the OnPlus device is physically located. However, the ASA still proves to be a battle, even when plugged directly in.

And that does bring up an issue - I'm not sure why the OnPlus is having a hard time logging in or validating credentials depending on where on the network the device is placed, even though network visibility is clear from every point (and, as mentioned, using other network discovery softwares work, and all devices are accessible no matter where on the network you are).

Oh, I wanted to also ask - when entering login credentials (not enable access), are we to specify the login/password combination as used if we were to SSH (relating to Cisco equipment), or if we were to Telnet? Over Telnet, I don't believe a username is necessary for anything we have setup, and not all of the equipment uses SSH, but those that do are set to require a username.

Thanks!

New Member

Still too many discovery issues

Hello Jas!

For the credentials you are entering, OnPlus will try to login with any telnet login if there is a telnet service replying.  In cases where the service receives no reply from TCP port 23 (telnet), it will try to login with SSH credentials.

For telnet usage, the following are combinations can be used:

  • Username and password
  • Only the password in cases where there is no username configured

I'll send you a private message offline with my contact information.  We can setup some time to chat more about the scenarios you are facing.

-Jimmy

New Member

Still too many discovery issues

Thanks, Jimmy. I appreciate it. And definitely thanks for clearing up the order of authentication (Telnet first - SSH second).

As far as the password caching issue, does this apply to everything, or just to the ASA (where we need to remove the credentials, remove the driver, and then wait for a while before re-setting it up)?

New Member

Still too many discovery issues

Hey Jas,

This would apply to all devices.  Keep in mind that selecting a driver before entering any credentials also puts you in the same state as entering in incorrect credentials.

-Jimmy

New Member

Still too many discovery issues

Hi Jimmy:

    Do you know what protocols/mibs can be used for ASA/PIX discovery nad connectivity info ?

Thanks,

Chandra.

New Member

Re: Still too many discovery issues

Chandra Manubothu wrote:

Hi Jimmy:

    Do you know what protocols/mibs can be used for ASA/PIX discovery nad connectivity info ?

Thanks,

Chandra.

Cisco OnPlus doesn't do automatic discovery for the ASA family.  We would be able to discover it initially as an unknown device on our topology via our typical discovery process (e.g., ARP, parsing CAM tables on supported switches..)

You would then have to manually select the driver once OnPlus discovers it on the topology.  Be careful to enter your correct credentials before selecting the driver though. Feel free to check out our ASA5505 tips and tricks for some additional information:

https://supportforums.cisco.com/docs/DOC-17448

Currently, we only use SNMP when applying the generic SNMP drivers for routers and switches.  I believe we pull the entity-mib, qbridge-mib, and bridge-mib for data in those cases.  I'll double check back with Mark Nelson on those...

New Member

Re: Still too many discovery issues

Thanks Jimmy for prompt response.  Content  in

https://supportforums.cisco.com/docs/DOC-17448  is not well formatted and looks like last portion of sentenses is cut. Is it possible to fix it. Please let me know once you confirm with Mark. I  really looking forward for all the info that is used to discover all the connectivity info with other devices.

Thanks,
Chandra.

Cisco Employee

Re: Still too many discovery issues

Chandra,

There should be a horizontal scrollbar towards the bottom of that page that should let you see everything. Alternatively you can start highlighting with your mouse and drag right and the hidden text should all become visible.

-mike

New Member

Re: Still too many discovery issues

Hi Chandra,

Chandra Manubothu wrote:

Thanks Jimmy for prompt response.  Content  in

https://supportforums.cisco.com/docs/DOC-17448  is not well formatted and looks like last portion of sentenses is cut. Is it possible to fix it. Please let me know once you confirm with Mark. I  really looking forward for all the info that is used to discover all the connectivity info with other devices.

Thanks,
Chandra.

As Mike states, scrolling left to right should help alleviate the issue.  I am also attaching the PDF version of the document for easier reference. 

I've also confirmed with Mark on the SNMP MIBs.  We don't use SNMP on the ASA5505, but we give the option on routers and switches when you use the generic snmp router/switch driver.  We'll use the entity-mib, qbridge-mib, and bridge-mib (when qbridge returns nothing)...

-Jimmy

New Member

Still too many discovery issues

I am going to go crazy with this also.  I can't get the driver to work for my ASA5505 and I also can not seem to get my 2801 Call Manager box to come up right and it's not finding the phones that are on a voice vlan behind the 2801 router.

I like some of this a lot but some of it's making me crazy.

New Member

Still too many discovery issues

The crazy thing is that it found my old 3524-PWR-XL switch with no problems but modern things like the ASA it can't figure out.

New Member

Re: Still too many discovery issues

mkozicki wrote:

I am going to go crazy with this also.  I can't get the driver to work for my ASA5505 and I also can not seem to get my 2801 Call Manager box to come up right and it's not finding the phones that are on a voice vlan behind the 2801 router.

I like some of this a lot but some of it's making me crazy.

Sorry to hear that you're having a bit of difficulty in your setup.   I'd be glad to chat with you on some of the issues you might be having  if we can't resolve it here.

Do you have the correct device credentials entered into your 2801 ISR?  You'll want to make sure that you have the correct credentials and the right driver has been automatically selected for this platform.  To double check the driver, you can take a peek in the credentials > device driver tab in the device window as depicted below:

For the credentials, make sure your login access and enable access are both accepted as well.  If this doesn't help get to the bottom of it, I'll send PM you my contact information and we can dive deeper.

As for the ASA5505, Cisco OnPlus doesn't do automatic discovery for the ASA family as it doesn't support many of the discovery protocols we use.  We have to manually assign the driver once it is found on the topology.  Please take a look at the link below for some additional tips and tricks on the ASA5505.

https://supportforums.cisco.com/docs/DOC-17448

Also please do take note that we currently are working on resolving an issue with the ASA5505 when using complex passwords.  We require that the passwords currently be simple alpha numeric only, but this will be fixed in a release soon. 

EDIT:  This issue was resolved in a previous release and complex passwords should not be an issue for the ASA 5505 anymore.

New Member

Re: Still too many discovery issues

I just deleted all user names and passwords for the 2801 and it will still not seem to find it.

Then I changed the driver to Generic IOS Router and it says the driver is invalid so I change it back to none selected but the credentials always show as not yet known.

New Member

Re: Still too many discovery issues

Just deleted all the user names and passwords for the ASA5505 and did it over again and same thing with driver invalid.

Also even though the 3524 is found it says that it can't back up the config so it sends me an e-mail about that.

If you want to give me a call please do.  616.560.7056 and I will be happy to webex with this or whatever.

New Member

Re: Still too many discovery issues

Hey Michael,

Thanks for taking the time to chat with me today.  I'll setup something for early next week to review your scenario.  In the meantime, we'll investigate the site you have pointed out.

Thanks again for all of the good feedback!

mkozicki wrote:

Just deleted all the user names and passwords for the ASA5505 and did it over again and same thing with driver invalid.

Also even though the 3524 is found it says that it can't back up the config so it sends me an e-mail about that.

If you want to give me a call please do.  616.560.7056 and I will be happy to webex with this or whatever.

New Member

Re: Still too many discovery issues

I set up my 2801 as a generic SNMP router and now it did find all my phones on my voice vlan.  I still have a few other things that I am messing with and still have not gotten the ASA 5505 to work right but I am getting someplace with this.

Thanks much.

Mike

1473
Views
0
Helpful
17
Replies
CreatePlease to create content