I need to schedule a nightly job that save the running config for our Cisco gear. Our firewalls and most switches support "write memory". However, I have some newer Cisco switches running NX-OS that only support "copy running-config startup-config". I scheduled a nightly job to execute the following script:

${SaveConfig}

exit

I figured it would adjust the command accordingly based on the device, but the job's email results indicated that NCM is executing "write memory" on my NX-OS devices, thus failing to save the config. The template's OID exactly matches the OID of the NX-OS devices. In this template, the SaveConfig command is correct:

<Command Name="SaveConfig" Value="copy running startup"/>

I even explicitly set the devices to use this command template instead of auto determine. NCM still executes "write memory". Does anyone know what is going on here?

I recently scanned our server that hosts the Network Configuration Manager web interface using Tenable's "Nessus".  It returned vulnerabilities regarding the physical path disclosure (one hit for each port the web server is listening on -- 443 and 8787) when a 404 message is being returned to the client.

Server - Windows Server 2008 Standard SP2

Network Configuration Manager Version - 7.1

IIS - 7.0

CVE numbers regarding the vulnerabilities:

phy

Has anybody else run into this, and do you know how it can be remediated?

Hello all,

I am new to NCM, and I have one question for which I can't seem to find answer in documentation. Can anyone explain me configuration retrieval process when SNMP/TFTP is used. I was under impression it is possible to retrieve (download) Cisco switch configuration by reading it using SNMP RO string and transfering it using TFTP to TFTP server that is up and running on SolarWinds NCM server. Now that I've written it like this, I am not really sure it is possible. What is the correct procedure and is there a way to keep network environment more secure by not enabling RW access from SolarWinds NCP server (and still being able to get config)?

Thanks, MSM

Hello, we are trying to eliminate our network devices' violations little by little and we're running into an issue with one category. For disable reverse telnet, we are entering the command line under the console and aux ports "transport input none", but many or the violations are not being removed. We've updated our policy reports and still the majority of the disable reverse telnet violations are there.

Is there another way to refresh the policy reporting, or maybe we're missing another Cisco command for this violation...?

Thank you for any help and assistance that you can provide!

Wayne

I could use some help with creating a regular expression that the config change report ignores during it's comparison.  Basically, I have Cirrus comparing the most recent config downloaded with the latest baseline.  The problem is that the running configuration of my cisco devices has the crypto key listed in the config, and in the startup, the crypto key doesn't exist.  I would like to exclude this section from even being compared, but my regular expression knowledge is severely lacking.  I'm guessing there is a way for me to exclude the following:

crypto ca certificate chain TP-self-signed-1667691779
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31363637 36393137 3739301E 170D3036 30383036 31303234
  35365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36363736
  39313737 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B4CA F3563FC5 43010A48 B075619E A7DE4790 AF982EF5 5402B501 207DB313
  67C78E80 CCD4CBA7 D2214222 055D8CBF A676A6A3 64C0B6C2 2247D76C C4C60202
  EFCA453E 5848D707 16D2940D C7384BBE 6BA52028 5F1CD47F C66CFD7B EF51188D
  8AF9B9E9 D4DFB645 1D36E2B0 1D2B6BDE CF00F2FB 149AA487 7CF2FD66 74A4D032
  CDFB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14797F79 CD395C9D 9BBBF477 BE2CB863 2BD9D2B3 DA301D06
  03551D0E 04160414 797F79CD 395C9D9B BBF477BE 2CB8632B D9D2B3DA 300D0609
  2A864886 F70D0101 04050003 8181007B 9EB45922 73A18372 A31736D2 DA9089FD
  760DE6D1 0B50007E 05BA8328 D8A48A76 5B68D3EE 69BA29BD 89D63CE8 6BEF5ECE
  05DC7804 FAE7DA90 716CB0C5 40BBCB21 8BFDE99D AF3E4D35 796BFA05 FF5F3000
  78368944 B9BA15C8 F017126D 7AF337D0 88F38689 57F73A18 7509491A F3060E3A
  D0F1BCE8 4C110ECF 9A016242 7758E3
  quit

Is there a way to exclude everything to "quit" and what would it look like?  Any help would be appreciated.

Hi All,

I am in need for Device command template for Alcatel model 6850 switch ...which will help me to take Configuration backup of the switch.

I tried few templates that was available in the community but nothing was helping.

If someone help me out with this ...then it wll be very much helpful for me.

Thanks in advance

Hello all,

     I need help creating a report showing devices that are using a certain set of IP's for their TACACS authentication.  We have migrated to a new verision of ACS, and need to get all our devices using the new servers.

Any help would be appreciated

Thanks

I am working on getting RTCD working. I have my cisco devices configured to send SNMP traps:

snmp-server enable traps config

However, a trap is sent when a user enters config mode, not if they actually change anything or when they exit config mode. This is useless since none of the changes are downloaded. Is it possible to use SNMP to send a trap when the config is changed? It seems syslog will log an entry when it's changed, but I'd rather rely on SNMP.

Hi,

We have a lot of Cisco routers in our network and a lot of branches. All of the routers has certificates for DMVPN connectivity.

Can we periodically download output of 'show crypto pki certificates' command to NCM database and generate report with expiration dates?

The output of this command is something like this:

Certificate

  Status: Available

  Certificate Serial Number (hex): 65

  Certificate Usage: General Purpose

  Issuer:

    cn=IOSCA

  Subject:

    Name: RRR1RTR02

    hostname=RRR1RTR02

  CRL Distribution Points:

    http://test.loc

  Validity Date:

    start date: 16:41:27 MSK Oct 1 2012

    end   date: 00:19:12 MSK Aug 29 2013

  Associated Trustpoints: FMM

  Storage: nvram:IOSCA#65.cer

We need to make report about "end date" of routers certificate.

Can we do it with NCM ?

Thanks, Dmitry

New NCM install (for eval).  RTFM-ing until my eyes go buggy.  NCM 7.1.1/ NPM 10.4.1.  Sorry, there is no "Import" job that can be scheduled - "Import" is not on the drop down menu - I swear!.  Admin/Settings/NCM Settings//Sync Nodes does nothing.  C'mon man!  You promised this was gonna be better than it was a year ago when I eval'd the NCM product before!  #painful

-drh

All,

I have completed the DISA STIG update templates for your usage. 

 If you are new to using the Policy Reporter and do not have the STIGs download for use, feel free to download and manipulate them for your deployment.  They are base templates created to save some time in preparing for an inspection or audit. 

 If you are already using the STIG templates there is one policy at the end of the section called "V8R9 Updates" this policy contains templates for the newer STIGs. 

 Unfortunately, this is not a "Turn-Key Solution".  We all have different IP's, requirements, infrastructures, and issues to deal with on a day to day basis.  When I first created these policies, 5 years ago, it would take me approximately 3 weeks to configure everything from scratch.  After doing that serveral times due to mission/engineering/Layer8-9 involvment, I found myself 8 months down the road with and nothing to show.  I truly hope these templates save you time and produce the results you wanted. 

Coding/Symbols of Reports

The Blue "Informational" symbols stands for CATIII

The Yellow "Warning" symbols stands for CATII

The Red "Critical" symbol stands for CATI

A Blank field stands for the policy has worked and the vulnerability has been resolved for that device.

 When you first download this templates, you will find lots of criticals, warnings, and informationals.  That just means some manipulation of IP, Interface, Device, or Group will  need to be configured. If you are new to this compliance standard, it will take you some time to get it configured.  If you have been around and are a fairly good scripter then you will find this fairly easy. 

 I wish you the best and if you have any questions, comments, suggestions, ideas, or opinions, I welcome them.  This product will only get better with your input (good or bad). 

 Sincerely,

CourtesyIT

I have seen the F5 Big IP template in the content sharing section but it does not address the following?

How do you use it? Where do you download or import it too? and how can I backup and report on changes to the following configs in by BigIP/F5's

These are all the config files I need to monitor for changes on 6 different f5's.

Where does the template go?

/defaults/config_base.conf.
/config/bigip_base.conf.
/config/bigip_sys.conf.
/usr/bin/monitors/builtins/base_monitors.conf.
/config/profile_base.conf.
/config/daemon.conf.
/config/bigip.conf.
/config/bigip_local.conf.
 
How do I use NCM to do this?

Help would be appreciated.

Are the Device Command Templates available for the Cisco ASA firewall?  The existing PIX templates use the "no pager" command to disable pagination.  The ASA needs "terminal pager 0" to disable pagination.  So needless to say, the ASA firewalls are not currently being backed up by Cirrus.  Any advice or pointer would be welcome.

We have Fortigate Firewalls that have a Warning banner before login is accepted (You must type 'a') after sending your login credentials. Because of that, the Orion NCM Config Download is failing to get the download. Here is the Trace file:

[7/20/2011 11:55:20 AM] -----------------NCM 6.1-------------------
[7/20/2011 11:55:20 AM] UseCustomMorePromptBehaviour: False
[7/20/2011 11:55:20 AM] Login Attempts: 1
[7/20/2011 11:55:20 AM] Custom UserName Prompt:
[7/20/2011 11:55:20 AM] Device Template: Fortigate-1.3.6.1.4.1.12356.ConfigMgmt-Commands
[7/20/2011 11:55:20 AM] System Name: caca2
[7/20/2011 11:55:20 AM] System Description: Fgt1000a Cluster
[7/20/2011 11:55:20 AM] System OID: 1.3.6.1.4.1.12356.101.1.10001
[7/20/2011 11:55:20 AM] OS Image:
[7/20/2011 11:55:20 AM] OS Version:

[7/20/2011 11:55:20 AM] Menu-Based mode=False
[7/20/2011 11:55:20 AM] FreezeLoginForPreCommands mode= False
[7/20/2011 11:55:20 AM]
-->StateChange: Connecting to server<--

[7/20/2011 11:55:21 AM] Got HostFingerPrint: 81:05:58:e0:04:1c:27:64:3a:1d:a1:c3:5f:47:43:72
[7/20/2011 11:55:21 AM] SWTelnet9 Crypto Information Begin
[7/20/2011 11:55:21 AM] Protocol = SSH2
[7/20/2011 11:55:21 AM] RemoteName = SSH-2.0-2VfVtZcjR0GL7
[7/20/2011 11:55:21 AM] SCcipher = aes128-cbc
[7/20/2011 11:55:21 AM] CSCipher = aes128-cbc
[7/20/2011 11:55:21 AM] Keys = ssh-rsa
[7/20/2011 11:55:21 AM] SWTelnet9 Crypto Information End
[7/20/2011 11:55:21 AM]
-->StateChange: Connected to server - idle<--

[7/20/2011 11:55:21 AM] Solarwinds.Net SWTelnet9 Version 9.0.27
[7/20/2011 11:55:21 AM] Connected!
[7/20/2011 11:55:21 AM] -->
[7/20/2011 11:55:21 AM] -->
[7/20/2011 11:55:21 AM] ProcessLogin State: 0
[7/20/2011 11:55:21 AM] -->
[7/20/2011 11:55:21 AM] --> Use of this computer system indicates that you have read these terms and agree
[7/20/2011 11:55:21 AM] --> to be bound by them.  Use of this computer system is restricted to authorized
[7/20/2011 11:55:21 AM] --> users only.  All activity is logged and regularly checked by systems personnel.
[7/20/2011 11:55:21 AM] --> Individuals using this computer system without authority or in excess of their
[7/20/2011 11:55:21 AM] --> authority may, at Halogen's sole discretion, have their use revoked.  If, via
[7/20/2011 11:55:21 AM] --> use of this computer system, you make illegal services available or negatively
[7/20/2011 11:55:21 AM] --> impact the performance of this computer system or its services, Halogen reserves
[7/20/2011 11:55:21 AM] --> the right to seek all available legal remedies.
[7/20/2011 11:55:21 AM] -->
[7/20/2011 11:55:21 AM] -->  (Press 'a' to accept):
[7/20/2011 11:55:21 AM] ProcessLogin State: 0
[7/20/2011 11:55:22 AM] TimerTick: mstrData=< (Press 'a' to accept):> State=3 - Connected to server - idle
[7/20/2011 11:55:22 AM] Pending Disconnect = False
[7/20/2011 11:55:22 AM] Sending to get a banner!
[7/20/2011 11:55:22 AM] <--

[7/20/2011 11:55:22 AM] -->
[7/20/2011 11:55:22 AM] -->
[7/20/2011 11:55:22 AM] -->
[7/20/2011 11:55:22 AM] ProcessLogin State: 0
[7/20/2011 11:55:22 AM] Disconnected - From: 10.200.200.254
[7/20/2011 11:55:23 AM] -----------------NCM 6.1-------------------
[7/20/2011 11:55:23 AM] UseCustomMorePromptBehaviour: False
[7/20/2011 11:55:23 AM] Login Attempts: 1
[7/20/2011 11:55:23 AM] Custom UserName Prompt:
[7/20/2011 11:55:23 AM] Device Template: Fortigate-1.3.6.1.4.1.12356.ConfigMgmt-Commands
[7/20/2011 11:55:23 AM] System Name: caca2
[7/20/2011 11:55:23 AM] System Description: Fgt1000a Cluster
[7/20/2011 11:55:23 AM] System OID: 1.3.6.1.4.1.12356.101.1.10001
[7/20/2011 11:55:23 AM] OS Image:
[7/20/2011 11:55:23 AM] OS Version:

[7/20/2011 11:55:23 AM] Menu-Based mode=False
[7/20/2011 11:55:23 AM] FreezeLoginForPreCommands mode= False
[7/20/2011 11:55:23 AM]
-->StateChange: Connecting to server<--

[7/20/2011 11:55:23 AM] Got HostFingerPrint: 81:05:58:e0:04:1c:27:64:3a:1d:a1:c3:5f:47:43:72
[7/20/2011 11:55:23 AM] SWTelnet9 Crypto Information Begin
[7/20/2011 11:55:23 AM] Protocol = SSH2
[7/20/2011 11:55:23 AM] RemoteName = SSH-2.0-2VfVtZcjR0GL7
[7/20/2011 11:55:23 AM] SCcipher = aes128-cbc
[7/20/2011 11:55:23 AM] CSCipher = aes128-cbc
[7/20/2011 11:55:23 AM] Keys = ssh-rsa
[7/20/2011 11:55:23 AM] SWTelnet9 Crypto Information End
[7/20/2011 11:55:23 AM]
-->StateChange: Connected to server - idle<--

[7/20/2011 11:55:23 AM] Solarwinds.Net SWTelnet9 Version 9.0.27
[7/20/2011 11:55:23 AM] Connected!
[7/20/2011 11:55:23 AM] -->
[7/20/2011 11:55:23 AM] -->
[7/20/2011 11:55:23 AM] ProcessLogin State: 0
[7/20/2011 11:55:23 AM] -->
[7/20/2011 11:55:23 AM] --> Use of this computer system indicates that you have read these terms and agree
[7/20/2011 11:55:23 AM] --> to be bound by them.  Use of this computer system is restricted to authorized
[7/20/2011 11:55:23 AM] --> users only.  All activity is logged and regularly checked by systems personnel.
[7/20/2011 11:55:23 AM] --> Individuals using this computer system without authority or in excess of their
[7/20/2011 11:55:23 AM] --> authority may, at Halogen's sole discretion, have their use revoked.  If, via
[7/20/2011 11:55:23 AM] --> use of this computer system, you make illegal services available or negatively
[7/20/2011 11:55:23 AM] --> impact the performance of this computer system or its services, Halogen reserves
[7/20/2011 11:55:23 AM] --> the right to seek all available legal remedies.
[7/20/2011 11:55:23 AM] -->
[7/20/2011 11:55:23 AM] -->  (Press 'a' to accept):
[7/20/2011 11:55:23 AM] ProcessLogin State: 0
[7/20/2011 11:55:24 AM] TimerTick: mstrData=< (Press 'a' to accept):> State=3 - Connected to server - idle
[7/20/2011 11:55:24 AM] Pending Disconnect = False
[7/20/2011 11:55:24 AM] Sending to get a banner!
[7/20/2011 11:55:24 AM] <--

[7/20/2011 11:55:24 AM] -->
[7/20/2011 11:55:24 AM] -->
[7/20/2011 11:55:24 AM] -->
[7/20/2011 11:55:24 AM] ProcessLogin State: 0
[7/20/2011 11:55:25 AM] Disconnected - From: 10.200.200.254
[7/20/2011 11:55:25 AM] -----------------NCM 6.1-------------------
[7/20/2011 11:55:25 AM] UseCustomMorePromptBehaviour: False
[7/20/2011 11:55:25 AM] Login Attempts: 1
[7/20/2011 11:55:25 AM] Custom UserName Prompt:
[7/20/2011 11:55:25 AM] Device Template: Fortigate-1.3.6.1.4.1.12356.ConfigMgmt-Commands
[7/20/2011 11:55:25 AM] System Name: caca2
[7/20/2011 11:55:25 AM] System Description: Fgt1000a Cluster
[7/20/2011 11:55:25 AM] System OID: 1.3.6.1.4.1.12356.101.1.10001
[7/20/2011 11:55:25 AM] OS Image:
[7/20/2011 11:55:25 AM] OS Version:

[7/20/2011 11:55:25 AM] Menu-Based mode=False
[7/20/2011 11:55:25 AM] FreezeLoginForPreCommands mode= False
[7/20/2011 11:55:25 AM]
-->StateChange: Connecting to server<--

[7/20/2011 11:55:25 AM] Got HostFingerPrint: 81:05:58:e0:04:1c:27:64:3a:1d:a1:c3:5f:47:43:72
[7/20/2011 11:55:25 AM] SWTelnet9 Crypto Information Begin
[7/20/2011 11:55:25 AM] Protocol = SSH2
[7/20/2011 11:55:25 AM] RemoteName = SSH-2.0-2VfVtZcjR0GL7
[7/20/2011 11:55:25 AM] SCcipher = aes128-cbc
[7/20/2011 11:55:25 AM] CSCipher = aes128-cbc
[7/20/2011 11:55:25 AM] Keys = ssh-rsa
[7/20/2011 11:55:25 AM] SWTelnet9 Crypto Information End
[7/20/2011 11:55:25 AM]
-->StateChange: Connected to server - idle<--

[7/20/2011 11:55:25 AM] Solarwinds.Net SWTelnet9 Version 9.0.27
[7/20/2011 11:55:25 AM] Connected!
[7/20/2011 11:55:25 AM] -->
[7/20/2011 11:55:25 AM] -->
[7/20/2011 11:55:25 AM] ProcessLogin State: 0
[7/20/2011 11:55:25 AM] -->
[7/20/2011 11:55:25 AM] --> Use of this computer system indicates that you have read these terms and agree
[7/20/2011 11:55:25 AM] --> to be bound by them.  Use of this computer system is restricted to authorized
[7/20/2011 11:55:25 AM] --> users only.  All activity is logged and regularly checked by systems personnel.
[7/20/2011 11:55:25 AM] --> Individuals using this computer system without authority or in excess of their
[7/20/2011 11:55:25 AM] --> authority may, at Halogen's sole discretion, have their use revoked.  If, via
[7/20/2011 11:55:25 AM] --> use of this computer system, you make illegal services available or negatively
[7/20/2011 11:55:25 AM] --> impact the performance of this computer system or its services, Halogen reserves
[7/20/2011 11:55:25 AM] --> the right to seek all available legal remedies.
[7/20/2011 11:55:25 AM] -->
[7/20/2011 11:55:25 AM] -->  (Press 'a' to accept):
[7/20/2011 11:55:25 AM] ProcessLogin State: 0
[7/20/2011 11:55:26 AM] TimerTick: mstrData=< (Press 'a' to accept):> State=3 - Connected to server - idle
[7/20/2011 11:55:26 AM] Pending Disconnect = False
[7/20/2011 11:55:26 AM] Sending to get a banner!
[7/20/2011 11:55:26 AM] <--

[7/20/2011 11:55:26 AM] -->
[7/20/2011 11:55:26 AM] -->
[7/20/2011 11:55:26 AM] -->
[7/20/2011 11:55:26 AM] ProcessLogin State: 0
[7/20/2011 11:55:27 AM] Disconnected - From: 10.200.200.254

How can I modify the Template to fix this issue ?

Thanks in advance,

Alex Martins

Before I open a support case, does anybody have a quick reason why config searches in the NCM web app might be broken, but working fine in the console app? Running NCM 7.1.

NCM 7.x has several node management improvements (common with Orion Core/NPM, new Discovery Sonar…).
Due to these changes, NCM 7.x has stricter rules related to node uniqueness and duplicate nodes are not allowed anymore in NCM 7.0 (because NCM nodes are being handled by Orion Core, which does not support duplicate nodes).

This NCM 6.x capability was sometimes used to deal with devices such as the Cisco ASA, which require management of multiple contexts.

The solution in NCM 7.x (can work in NCM 6.1 as well) uses multiple Config Types:

Solution:

1.       In Win32 NCM application, add a new Config Type for each context (for example Context1, Context2).

2.       Specify in your device template, how to switch to each context (see example below).

3.       Include the${ConfigType} macro in the Reset Command.

4.       Make sure to specify the RegEx value in the Reset command. Depending on your prompt settings, the value should be '#', '>', ']', etc.

5.       Avoid using ${ConfigType} macro in the DownloadConfig command. Make sure the command is the right one, e.g. "show running-config".

Device Template Example:

<Command Name="RESET" Value="${ConfigType}" RegEx="#" />

<Command Name="Context1" Value="command to switch to Context1"  />

<Command Name="Context2" Value="command to switch to Context2 "/>

<Command Name="DownloadConfig" Value="show running-config"/>

Explanation:

When NCM downloads a configuration, the first command issued is the ‘Reset’ command defined in the device template.

The ${ConfigType} macros will be replaced by the appropriate switch context command, based on the config type selected for the dowload.

The context will be dynamically switched before the download command is executed.

When the context is changed, so is the prompt. In order to recognize the prompt, a regular expression (RegEx) must be used to ignore the variable part of the prompt.

Example:

Let’s assume the command mode prompt after login is : Tex-3750#

-          After switching to Context1, the command mode prompt becomes Tex-3750-Context1#.

-          After switching to Context2,the command mode prompt becomes Tex-3750-Context2#.

The RegEx to use in the reset command should match the common portion of the prompt in both contexts. In this example this could be RegEx="#".

An NCM user shared the result of his work (FWSM on NCM 6.1):

Should work the same in NCM 7.0. Thanks csowerby

Cisco FWSM Virtual Context Template

Message was edited by: Jiri Cvachovec

Hi,

I have a problem with my startup-config on some cisco devices. If I use the boot config usbflash0:xxx command the NCM can't fetch the startup-config anymore.

Is it possible to change the config path? And where?

Thanks in advance,

HT

We recently installed NCM primarily for the purpose of downloading and backing up the config files for our Cisco devices.

We like the compare feature, but the widget/device in the dashboard that informed us that nearly 100 percent of our startup and running configs contained discrepancies was a little misleading.

Especially when we delved in and started looking at the differences. Many times, two lines would simply be reversed. Line 3 was blank in the running config, but contained a configuration line in line 4. But, in the startup config, line 4 was blank and line 3 contained the contents of line 4 in the running configs.

Lines containing keys, pre-shared keys and cryptochecksums also showed as different, even though in reality one is simply showing a string of **** while the startup config contained the actual password.

Is there a way to program the comparison process to ignore such differences?