Quantcast
Channel: THWACK: Popular Discussions - Network Configuration Manager
Viewing all 4266 articles
Browse latest View live

Cisco IOS Upload via SCP/SFTP Server Integrated in Solarwinds NCM

January 26, 2014, 8:41 pm
$
0
0

Hi,

I have got some issues when I am trying to update my switch firmware through SCP/SFTP Server which is integrated on Solarwinds Network configuration Manager.

SSH is allowed between Solarwinds Server and Cisco devices. If you faced the same problem please guide me how can we solve this issue ?

 

I have enabled the SCP server and created one <user > without any password.

Copied the IOS image on X:/sftproot - Solarwinds Server.

Start SFTP server on Solarwinds Server.

Execute Command on switch  :

Router1#copy scp: flash:
Address or name of remote host []? 10.x.x.x
Source username [user1]? user
Source filename []? image_filename.bin
Destination filename [image_filename.bin]?

%Error opening scp://user@10.x.x.x/image_filename.bin (Undefined error)
Router1#

Search

config change templates ios upgrade cisco flash

January 4, 2017, 5:58 am
$
0
0

hy, I am trying to make a "generic IOS upgrade" template. there i work with the fallowing script:

 

script BaseChangeTemplate(

                            NCM.Nodes @ContextNode,

                            string @tftpserver,

                            string @iosfile

                          )

{

if (@iosfile contains ' ')

  {}

  CLI

  {

dir flash:

conf t

ip tftp source-interface Loopback 0

end

 

 

copy tftp: flash:

@tftpserver

@iosfile

 

 

 

dir flash:@iosfile

  }

}

 

 

 

now i am looking for a way to add some additional "if / else" statements like

- if the @iosfile" is already on the disk, do not upload it (maybe with @CiscoFlashFiles of the inventory??) but could not figure out in the documentation or thwack what the VARIABLE is

- if the @CiscoFlash "left size" is smaller then 10MB do not upload

- if there are more then one file on the CiscoFlash, check with is the "System image file is "flash:c880data-universalk9-mz.151-2.T1.old from the "show version" and delete all others

 

has anyone such scripts or can anyone help me here to generate one?

regards Pascal

Cisco IOS Upload via SCP/SFTP Server Integrated in Solarwinds NCM

January 26, 2014, 8:41 pm
$
0
0

Hi,

I have got some issues when I am trying to update my switch firmware through SCP/SFTP Server which is integrated on Solarwinds Network configuration Manager.

SSH is allowed between Solarwinds Server and Cisco devices. If you faced the same problem please guide me how can we solve this issue ?

 

I have enabled the SCP server and created one <user > without any password.

Copied the IOS image on X:/sftproot - Solarwinds Server.

Start SFTP server on Solarwinds Server.

Execute Command on switch  :

Router1#copy scp: flash:
Address or name of remote host []? 10.x.x.x
Source username [user1]? user
Source filename []? image_filename.bin
Destination filename [image_filename.bin]?

%Error opening scp://user@10.x.x.x/image_filename.bin (Undefined error)
Router1#

Using NCM to push out Config changes

March 4, 2014, 6:24 am
$
0
0

So we were using the NCM to back up the Cisco device we have... but now we would like to use it to push out configuration changes to multiple devices at once.  I tried looking at the base template and some other examples, but its a foreign  language to me.  Can someone break down the templates to me so I can try to learn how to use them?  Thanks in advance!

Best practices for switch configuration backup retention.

January 7, 2013, 4:03 pm
$
0
0

I want to pose a question to other network professionals on Thwack:  How long do you retain switch configuration backups stored in NCM? 

 

I have noticed our NCM database starting to get a bit sluggish, especially on the web portal, and I saw that there are some nodes with over 2 years of daily configuration backups stored!  I am sure that there are nodes whose backups haven't been purged since they were added to NCM.  Diving deeper into the issue, the question of best practices comes up.  How many backups are enough to satisfy your own internal disaster recovery requirements?  I am hoping that I can get a few varied answers so I have something to stand on when I recommend we get rid of ancient configuration files.

Is anyone backing up Cisco ONS 15454's in NCM?

September 4, 2013, 11:58 am
$
0
0

If you could share your config-mgmt file for the Cisco ONS 15454 OID 1.3.6.1.4.1.3607.1.20.10.70 it would be greatly appreciated!

Cisco Config Change Templates for TACACS

December 26, 2016, 6:45 am
$
0
0

Hi,

We have just installed Cisco ISE with TACACS capability and want to move all devices off our ACS servers onto the ISE as well as introduce all other devices that didn't use TACACS due to lack of licensing (ISE is a perpetual no device limit license whereas ACS had a 500 device limit). So, in order to make the deployment as secure as we can we are looking to use unique TACACS keys for each device instead of a single key for all devices or groups of devices.

 

To this end we have generated a uniquie key for every Cisco device in the NCM database and I have two list - device and key.

 

How do I create a config change template to dynamically pick the device and associated key from these lists to make the so it will use them as parameters to create the code snippets? Is this even possible?

Can NCM use TACACS for some nodes and not for others?

January 5, 2017, 6:27 am
$
0
0

We're finally moving to TACACS for all switch access, which is great. To that end, I'm doing some NCM testing on some switches where we've set up TACACS for auth.

 

However, I'm running into a little problem when building a connection profile for the appropriate TACACS user (a specific service account). Testing shows that the HP 54xx switch refuses the connection, although an SSH session tested from our poller works perfectly.

 

This is an iterative project, so we're not moving all switches to TACACS immediately, and will still use device settings for many of them for some time.

 

Am I missing something here?

 

Thanks for any information you can provide.

Search

Cisco IOS download via NCM TFTP

May 28, 2012, 6:28 am
$
0
0

Has anyone ever used an NCM script to copy the IOS file from the SolarWinds server via TFTP to a Cisco Switch?

 

I am looking for an example to implement.

 

Thanks a mil

Saving Changed Configs Only

January 6, 2017, 5:54 am
$
0
0

Hi,

 

 

NCM is great for saving all of our configs, but it would be nice if NCM would only save configs that were different....meaning if there have been no changes since the last save disregard the current config. Is there a way to do this in Solarwinds console or is this a function of the Server itself?

 

As you can imagine the since of the folder containing our configs grows quite large over time.It would be nice to keep it as tight as possible.

 

 

Thank you, Pat

config change templates ios upgrade cisco flash

January 4, 2017, 5:58 am
$
0
0

hy, I am trying to make a "generic IOS upgrade" template. there i work with the fallowing script:

 

script BaseChangeTemplate(

                            NCM.Nodes @ContextNode,

                            string @tftpserver,

                            string @iosfile

                          )

{

if (@iosfile contains ' ')

  {}

  CLI

  {

dir flash:

conf t

ip tftp source-interface Loopback 0

end

 

 

copy tftp: flash:

@tftpserver

@iosfile

 

 

 

dir flash:@iosfile

  }

}

 

 

 

now i am looking for a way to add some additional "if / else" statements like

- if the @iosfile" is already on the disk, do not upload it (maybe with @CiscoFlashFiles of the inventory??) but could not figure out in the documentation or thwack what the VARIABLE is

- if the @CiscoFlash "left size" is smaller then 10MB do not upload

- if there are more then one file on the CiscoFlash, check with is the "System image file is "flash:c880data-universalk9-mz.151-2.T1.old from the "show version" and delete all others

 

has anyone such scripts or can anyone help me here to generate one?

regards Pascal

Orion Error when setting NCM Credentials

September 30, 2008, 11:09 am
$
0
0

 I have downloaed the Release Candidate for NCM and am trying to integrate it with Orion.  Seperately, they both seem to work properly, but I have wierd issues with the web side of them.  My First issue is that when i try to set the credentials for NCM when it's pulling the config files for Orion I get an Orion Error.  Below is the error message:

 

 

Orion Website Error

An error has occurred with the Orion website.

Additional Information

System.Security.Cryptography.CryptographicException: Bad Data.

 at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
 at System.Security.Cryptography.Utils._DecryptKey(SafeKeyHandle hPubKey, Byte[] key, Int32 dwFlags)
 at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
 at CryptoHelper.Decrypt(String cipherText)
 at ISWrapper.get_Password()
 at Orion_NetPerfMon_Resources_CirrusResources_Credential.OnInit(EventArgs e)
 at System.Web.UI.Control.InitRecursive(Control namingContainer)
 at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 
 
My other issue is that in the NCM web console, I don't have anything under the Inventory tab and I don't even have the Compliance tab. What should I do/start with?

Remediation Script for ACLs

January 2, 2017, 10:13 am
$
0
0

Hi,

 

I'm trying to create a remediation script to correct ACLs on cisco devices.  Updating the ACL is pretty easy, but I need to unapply the ACL first, make the change and reapply.  Is there a way to iterate through the config, find the interfaces that have it applied, record that information and perform the change?

 

For example, something like the following

 

--SAMPLE CONFIG--

Interface Tunnel0

access-group 10 in

 

Interface Tunnel2

access-group 10 in

. . . .

 

access-list 10 permit 10.10.10.1

access-list  10 permit 10.20.10.1

...

 

 

--PSEUDO CODE--

 

@InterfaceList = []

 

foreach @Line in @interfaces {

     if @Line contains 'access-group 10 in'

          @interfaceList.push(@interfacename)

}

 

CLI {

     no access-list 10

     access-list 10 permit 10.10.10.1

     access-list 10 permit 10.20.10.1

     access-list 10 permit 10.30.10.1

}

 

foreach @interface in @interfacelist {

     CLI {

          access-group 10 in

     }

}

A solution to multi-context config download with NCM (Cisco ASA, FWSM...)

December 9, 2011, 3:01 pm
$
0
0

NCM 7.x has several node management improvements (common with Orion Core/NPM, new Discovery Sonar…).
Due to these changes, NCM 7.x has stricter rules related to node uniqueness and duplicate nodes are not allowed anymore in NCM 7.0 (because NCM nodes are being handled by Orion Core, which does not support duplicate nodes).

This NCM 6.x capability was sometimes used to deal with devices such as the Cisco ASA, which require management of multiple contexts.

The solution in NCM 7.x (can work in NCM 6.1 as well) uses multiple Config Types:

Solution:

1.       In Win32 NCM application, add a new Config Type for each context (for example Context1, Context2).

2.       Specify in your device template, how to switch to each context (see example below).

3.       Include the${ConfigType} macro in the Reset Command.

4.       Make sure to specify the RegEx value in the Reset command. Depending on your prompt settings, the value should be '#', '>', ']', etc.

5.       Avoid using ${ConfigType} macro in the DownloadConfig command. Make sure the command is the right one, e.g. "show running-config".

 

Device Template Example:

<Command Name="RESET" Value="${ConfigType}" RegEx="#" />

<Command Name="Context1" Value="command to switch to Context1"  />

<Command Name="Context2" Value="command to switch to Context2 "/>

<Command Name="DownloadConfig" Value="show running-config"/>

 

Explanation:

When NCM downloads a configuration, the first command issued is the ‘Reset’ command defined in the device template.

The ${ConfigType} macros will be replaced by the appropriate switch context command, based on the config type selected for the dowload.

The context will be dynamically switched before the download command is executed.

When the context is changed, so is the prompt. In order to recognize the prompt, a regular expression (RegEx) must be used to ignore the variable part of the prompt.


Example:

Let’s assume the command mode prompt after login is : Tex-3750#

-          After switching to Context1, the command mode prompt becomes Tex-3750-Context1#.

-          After switching to Context2,the command mode prompt becomes Tex-3750-Context2#.

The RegEx to use in the reset command should match the common portion of the prompt in both contexts. In this example this could be RegEx="#".

 

 

 

An NCM user shared the result of his work (FWSM on NCM 6.1):

Should work the same in NCM 7.0. Thanks csowerby

Cisco FWSM Virtual Context Template

 

Message was edited by: Jiri Cvachovec

Looking for list of NCM variables

October 27, 2011, 3:13 pm
$
0
0

I'm looking for a complete list of built-in variables that I could use in NCM scripts or change templates.

Specifically, I'm trying to mass change the hostname and domain of Cisco devices based on the Node Name in Solarwinds database. We recently adopted a new naming convention, so we re-named the devices in NPM / NCM hoping to automate the process of renaming the devices itself.

I want to run a script that would look something like this:

conf t

hostname ${NodeName}

ip domain-name ${NodeDomain}

exit

wri mem

But I can't seem to find the correct variables to use. I saw a list of NCM global variables listed in the Admin Guide, but didn't find what I was looking for. I was thinking of parsing out the domain and hostname out of the Solarwinds Node name.

Any help would be appreciated.

Search

SolarWinds NCM Connector for Cisco SmartAdvisor

November 4, 2015, 11:59 am
$
0
0

Saw this came out and took a look at the documentation.

 

Is there a special kind/level of Cisco account/access you need for this to work?

 

I have a Cisco.com account that is linked to my contracts (lets me download code, etc), but when I try to run the report it says "UserID is not valid".

Solarwinds NCM and Cisco Vulnerability management - 3 questions.

January 10, 2017, 6:13 am
$
0
0

Hi,

 

We're about to start using solarwinds NCM 7.5.1 for vulnerability management but I have a few questions I'm hoping someone who already uses this can help out with.

 

1) Is there still an issue with false positives because NCM doesn't detect minor IOS versions, this issue may make it a bit of a non starter, I really don't want loads of false positives to have to validate because solarwinds can't detect minor versions?

 

2) We score the CVSS using the following

Critical : 9.0 - 10

High : 7.0 - 8.9

Medium : 4.0 - 6.9

Low : 3.9 or below

 

but NCM doesn't seem to have a critical section, it just considers everything above 7 as high, is there somewhere I can configure this as we have 7 days to fix a critical vulnerability but 30 days to fix a high one so I need to be able to separate them in reports and the resource?

 

3) In the press release it says NCM can identify device vulnerabilities and provide automated remediation actions, I can't find any video's or guides that go beyond setting up the Firmware Vulnerabilities Resource or the vulnerabilities reports, so I've got as far as detection, where do I look for recommended remediation actions per node?

 

Thanks for any help or pointers to guides that I've missed,

Steve.

Running vs Startup Config - "certificate self-signed" in Running but not in Startup Config

March 24, 2010, 12:14 pm
$
0
0

I noticed a high percentage of out of sync running vs startup configs for my Cisco equipment.  Upon further investigation I see that it is because the self-signed certificates do not show up in startup config as they do in running config.  We use self-signed certificates for SSH encryption.  Is there any way NCM can be configured to ignore the certs, so far s the running vs startup config reports?

How to change in mass the polling type from ICMP only to ICMP + SNMP?

October 23, 2014, 7:35 am
$
0
0

When I attempt to use Network Sonar Discovery to change nodes from ICMP only to ICMP + SNMP, it tells me it cannot modify the device as it already exists using a different polling method.

 

If I open and edit each node one at a time I can change the polling method successfully.

 

Is there any way to change devices in mass like this? I have about 200 devices to convert.

Cisco WLC Backup

February 23, 2007, 8:03 am
$
0
0
Hi,

Has anyone had success backing up a Cisco Wireless LAN Controller config with Cirrus?
Viewing all 4266 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>