Solved

Cisco LMS 4.1

Posted on 2013-01-20
8
897 Views
Last Modified: 2013-02-10
Gentlemen,

Greetings!

Our company recently installed a fresh copy of Cisc LMS Prime 4.1.
I have so far configured it  to discover all of the cisco devices on our network.
The problem is, when I try to copy a configuration from 3750 switches to the LMS tftp,
the switch displays an error message that say the copy failed due to an "access denied".

I have been told this is due to the tftp server not being set up properly.  I would think
that an application as robust as Ciosco Works would have the tftp sever already preconfigured after the initial install?

Note:  The apllication resides on a Windows 2k8 server and a TACACS server is used
in conjuction with the LMS for authentication.

Thanks in advance!

rayneedssomehelp
0
Comment
Question by:Rayneedssomehelp
  • 4
  • 3
8 Comments
 
LVL 37

Expert Comment

by:ArneLovius
ID: 38800620
are you able to connect with a tftp client ?

could a firewall rule be being pushed out via GPO ?

could there be something else in the traffic path that is "interfering" with tftp ?
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 38801113
A few things.  When I am managing a network with LMS I always set up management IP addresses on all my boxes.  Don't know if you did this or not.  But when a cisco router or switch originates a packet - i.e. you telnet from the router, you tftp from the switch, etc..  The source IP address is always the ip address on the egress interface.  The management IP address I configured is sometimes not the egress interface.  So you can add the following command:

ip tftp source interface vlan255

This will set the source ip address for all tftp originated traffic to the IP address configured on the SVI for vlan 255.

At that point you know exactly what IP address you are dealing with when examining firewalls, ACL, or entries into LMS.

I don't recall ever having to go in and turn on the tftp service with any version of LMS.  I have seen folks install it on a machine that already had a tftp server running , and that of course hosed it up.

What I will say is this.  With 99% of the problems you run into with LMS you will have to open a TAC case.  The documentation is horrible and the product is not intuitive.  Once its up and running it is very powerful and does a great job, but resolving issues seems to always take a TAC case.  I have been dealing with LMS for 10 years in various accounts and this seems to hold true.
0
 

Author Comment

by:Rayneedssomehelp
ID: 38801576
Hello,

All Cisco devices including the LMS serverare in the DMZ.  None of the Cisco devices need to
go through our firewall to communicate with each other...I can ping the server and vice versa from the devices.


We are using private loopback IP's for management on all the Cisco devices.  We previously
employed Solarwinds and What't Up Gold and had no issues with tftp.  Our network
topology has NOT changed duing this time.

I have been  seeing blogs that mentioned the "causer" and a folder that needs to be created
for the tftp server to fuction properly, but I can't find anything in the LMS help files that talk
about this.

How do I even get to the tftp server to change or edit settings?
Where is it located on the LMS application?   I can't find any paths to it!

rayneedssomehelp
0
Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

 
LVL 25

Expert Comment

by:Ken Boone
ID: 38801925
That is precisely my point.  The docs are awful.  Knowing that you are managing the devices with a loopback, you should set the ip source tftp interface to that loopback.
0
 

Author Comment

by:Rayneedssomehelp
ID: 38802973
I get that part, but where in the application is the config files saved on the tftp server?
And where can I make settings changes for the tftp server?

Thanks!

rayneedssomehelp
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 38803154
Well from what I see the only setting or setup that needs to be done for the tftp server is for solaris only.  I haven't dealt with that for years.  I don't recall any setup as far as enabling the tftp server goes.  I think it is setup and running by default.

Now the files should be in the following location:
NMSROOT\files\rme\dcma
Where NMSROOT is the Cisco Prime installed directory.

But in earlier versions it was in a shadow directory about 10 levels deep.  Look there and see what you got.. but if you run a config archive job and they all fail, there won't be anything there.
0
 

Author Comment

by:Rayneedssomehelp
ID: 38803628
What about this folder for Smart Installs called TFTP Boot.  I am understanding that this folder
needs to be created,  in order for image or config file deployment to be successful.

Would this be the same file\folder be used to save images or configuration files from the
client\devices to the tftp server?

Thanks,

rayneedssomehelp
0
 
LVL 25

Accepted Solution

by:
Ken Boone earned 500 total points
ID: 38803863
I don't know about the smart installs.  sorry.
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port 808 is being blocked 9 140
VM networking best practice and design consideration ? 14 93
Performance monitors 6 44
Edge switch problems cisco 2960 25 48
A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them. Similar to ha…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question